Sr. Security Engineer

We are proud to announce that, our bank received a gold award 🥇 for EVP (Employee Value Proposition), and a silver award 🥈for the Best Advance in Interviewing Strategy from the Brandon Hall Awards.

Also, our bank received two silver awards 🥈 for Recruiting or Talent Acquisition Team of the Year, and Achievement in Diversity and Inclusion categories from the Stevie Awards. 🏆

What are you waiting for to get involved in our international award-winning process? 🎉

We’re looking for “Sr. Security Engineer” who will be working in Application Security & IT Security Risk Management team.

Responsibilities

• Lead the design, deployment, implementation and ongoing management of DevSecOps processes and security controls across the SDLC and CI/CD pipelines.
• Define, integrate, tune and operate SAST, DAST, SCA, API/Web/AI Security and related application security tools; build and improve use cases, dashboards, reporting and operational workflows.
• Ability to closely follow the latest developments in AI, API and container security, and to design and implement architectures in line with these advancements.
• Identify, assess, analyze, prioritize and track application and system security vulnerabilities and risks; drive remediation with development, DevOps, infrastructure and relevant stakeholders.
• Provide guidance to engineering teams on secure coding, secure architecture, OWASP Top 10, web, API & AI security, container/Kubernetes/cloud security and security-by-design practices.
• Evaluate new security products and capabilities through PoCs and demos, and recommend solutions aligned with business, technology and security needs.
• Support application security assessments, penetration testing activities and security automation initiatives when required.
• Collaborate with cross-functional teams to ensure application and system security, availability, integrity and continuous improvement of the overall security posture.
• Monitor alerts, perform reporting, support incident response processes, and create or maintain playbooks and operational procedures for relevant security systems.

Minimum Technical Skills and Qualifications

• Bachelor’s degree in Computer Science, Engineering or a related field.
• 5+ years of experience in Security Engineering, DevSecOps, Application Security or a related role; experience in regulated sectors is preferred.
• Strong understanding of SDLC, CI/CD, DevOps, secure coding best practices and secure architecture principles.
• Hands-on experience defining use cases and end-to-end implementing, integrating and operating SAST, DAST, SCA, API/Web/AI Security and related AppSec tools.
• Awareness of emerging technology and threat trends including AI-assisted development, AI security risks, cloud risks, quantum-related risks and modern social engineering threats such as deepfake and smishing.

Knowledge of web application, API & AI security concepts, OWASP Top 10, and vulnerability management and remediation processes.

• Experience with scripting or programming languages such as Python, PowerShell, Java, JavaScript or similar.
• Familiarity with container, Kubernetes and cloud security concepts and practices.
• Working knowledge of Microsoft tools, JIRA, Power BI, Excel and Excel Scripts is an advantage.
• Good command of English.

Preferred Qualifications

• Relevant security certifications such as CISSP or similar.
• Hands-on penetration testing experience.
• Experience in banking or insurance sector environments.
• Experience in security automation development, reporting and dashboarding.

Soft Skills / Other Requirements

• Ability to work effectively in an Agile environment and collaborate with multiple stakeholders.
• Detail-oriented, well-organized and capable of managing multiple priorities.
• Strong analytical thinking and problem-solving skills with the ability to identify, prioritize and resolve system-related issues.
• Strong communication skills and openness to learning new technologies and security approaches.
• Effective time and stress management skills.

We Offer?

Working in Fibabanka is not just about the opportunity to have a career in a fast-growing, “digital banking” and “happy place to work” certified company, but also a chance for each employee to develop themselves via various “learning & development” platforms, to have a sense of belonging due to its productive environment, supportive team members and equal treatment in the working environment. For more, please take a glance at the following listed ones:

😊 Remote work support payment

🩹Comprehensive private health insurance

🧁Digital Meal Voucher

😊 Individual Pension System (BES) Contribution by Fibabanka

🎉 Special Leave Rights for personal needs

💫 Fiba Holding Group Company discounts

☕️ Celebrations, parties and happy hours!

😎 Enjoyable club activities for various hobbies

🎁 Many other benefits!

As Fibabanka Anonim Şirketi ("Company" or "Fibabanka"), which has the title of data controller, we show the utmost sensitivity for the processing and protection of the personal data of our employee candidates in accordance with the Personal Data Protection Law No. 6698 ("KVKK") and its secondary regulations (together "KVK legislation"). With this Privacy Notice, we would like to inform you about the personal data processing activities carried out by our Company for you, our employee candidates.