We have an opportunity for a Security Engineer (Vulnerability Management) who will join the global IT Security Operations team of a top tier fintech (international payments and foreign exchange).

The company has embarked on an ambitious and fundamental renewal of its global architecture and security. This will involve changes to evolve existing security services as well as the build of new security services to fit the new cloud native approach.

The company is setting up a brand new technical shared services center in Bucharest to run IT security, infrastructure, application support and platform management for the group's technical ecosystem, adding to the already existing hubs in the US and UK. 

You'll join the starting team in Romania that is tasked to define and run operational flows, knowledge transfer, documentation and technical activities.

Primary responsibilities for this role will be to review major software applications in the company's portfolio, identify potential vulnerabilities and work with the development teams to mitigate risks and improve the security posture.

While Vulnerability Management will be a key focus of the role in the first 4-6 months, it will grow to integrate more strategic and complex security matters, based on the individual interest and the company'sdirection.

Your main responsibilities will revolve around the following:

• Design and embed secure coding principles into the development lifecycle, including Software Threat modelling and Attack Surface Analysis, as well as Secure coding      standards and testing;

• Deploy and costumize a new code scanning tool (Snyk);

• Perform regular vulnerability scanning across the entire portfolio of global applications (mostly built on Microsoft technologies - mix of new and older code);

• Work with development teams to integrate vulnerability and other security work in their work routines, making sure security is embedded by design in any development approach;

• Work closely with IT teams to promote and advocate the importance of effective security processes and policies into IT activities;

• Contribute to the continuous improvement activities of the Security Operations and InfoSec teams by identifying areas for security improvement;

• Assist in the implementation of remedial actions and new systems as appropriate;

• Meet the company's security auditors to discuss processes, routines and deliverables, owning audit findings and working with the rest of the organization for their resolution;

• Contribute knowledge and experience into ongoing programs of work within the IT teams.

This role is for you if you are:

• An autonomous security engineer, with a focus on Vulnerability management tools and practices;

• Experienced working with complex IT environments, across multiple project structures with geographically distributed teams;

• Familiar with one or more of the common SDLC frameworks - NIST, OWASP, OpenSSF, etc.

Why you should consider this role?

• The work is hybrid, with 1-2 days per week from the office (located 5 min to Piata Victoriei metro station).

• Attractive salary package (extra benefits, 13th salary, etc).