General duties:
Team Leadership & Strategy
Lead, mentor, and develop a team of three AppSec specialists, including white hat hackers and DevSecOps engineers.
Set goals, manage performance, and foster a culture of continuous learning and innovation.
Recruit, train, and retain top security talent.
Application Security Governance
Establish and maintain the Secure Software Development Lifecycle (SSDLC).
Define security requirements, policies, coding standards, and AppSec governance processes.
Provide architectural guidance and conduct threat modeling for high-risk projects.
DevSecOps & CI/CD Security
Integrate SAST, DAST, SCA, API testing, and container/IaC scanning into CI/CD pipelines.
Work with DevOps teams to design secure build and deployment pipelines.
Implement shift-left security and ensure automated quality gates are applied consistently.
Vulnerability Management
Own the end-to-end vulnerability management process across applications and APIs.
Triage, classify, and track remediation of security findings in line with regulatory SLAs.
Produce metrics and dashboards for leadership, including KPIs and risk insights.
Penetration Testing & Ethical Hacking
Oversee internal and external penetration testing initiatives (white-box, black-box, gray-box).
Coordinate red-team exercises and collaborate with ethical hackers to simulate real-world attacks.
Prioritize and manage remediation efforts with application owners.
Security Assessments & Compliance
Conduct security reviews, code audits, and risk assessments for new and existing systems.
Ensure compliance with DORA, NIS2, ISO 27001, PCI DSS, GDPR, and banking security standards.
Support audit activities, provide documentation, and implement corrective actions.
Training, Awareness & Innovation
Deliver secure coding training to developers and stakeholders.
Stay current with emerging threats, technologies, and industry practices.
Partner with external vendors and regulators to strengthen the bank’s security posture.
Requirements:
Education & Certifications
Bachelor’s or Master’s in Information Security, Computer Science, or related field.
Certifications such as CISSP, CISM, GIAC (e.g., GCIH), CCSP, or cloud certifications are strong advantages.
Professional Experience
5+ years in infrastructure or endpoint security, system administration, or related technical roles.
2+ years of team leadership or technical lead experience.
Experience in regulated environments—ideally financial services.
Technical Expertise
Strong knowledge of Windows/Linux security, network device hardening, virtualization platforms, and cloud security (Azure/AWS).
Experience with EDR/XDR, anti-malware, DLP, encryption, MDM, NAC, IDS/IPS, firewalls, and vulnerability scanning tools.
Familiarity with CIS Benchmarks, NIST standards, secure baseline development, and automation (PowerShell/Python).
Experience with SIEM tools (Splunk, ELK, Microsoft Sentinel).
Regulatory Knowledge
Understanding of DORA, NIS2, ISO 27001, GDPR, PCI DSS, CER, and related frameworks.
Experience supporting regulatory audits and translating controls into technical requirements.
Soft Skills
Strong leadership and people management abilities.
Excellent communication in Bulgarian and solid English (spoken and written).
Strong analytical, organizational, and problem-solving skills, especially during incidents.
Ability to work collaboratively across teams and clearly explain complex technical issues.
DSK Bank offers:
Excellent opportunities for professional and career development in one of Bulgaria’s leading banks
Food vouchers of up to 200 BGN per month
20+5 paid holiday leave
Additional Health Insurance
Annual bonus scheme depending on the achieved results
Favorable conditions for housing and mortgage lending, as well as for bank products and services
Preferential conditions for Multisport / CoolFit card
Discounts in various companies
Professional training in specific knowledge and skills
Refer a Friend Bonus
Documents for application:
CV