Secure Development Engineer
- REQ\-10114744
- 08/06/2026
- Information Security Management
- Amsterdam, Netherlands
- €5\.485,70 \- €8\.828,03
- ING Bank
Department: CISO/ASM (Attack Surface Management)/Center of Expertise – Offensive Security/Secure Development \& Engineering Expert Team
Position: TBD
Grades: to be graded
Background
ING Global CISO mission is to keep the bank secure and to safeguard customer trust by predicting, preventing, identifying and responding to threats and make sure a quick recovery from cyber\-related incidents. We enable our ING colleagues by providing usable and secure services and ensure that security is part of our DNA.
NG, like its competitors, is operating in an increasingly complex environment. Digitisation is a top priority as customer preferences are changing towards mobile and digital. ING is moving from traditional ways of delivering to a platform bank. The rise of disruptive technologies such as AI, combined with an expanding threat landscape, introduces new and more sophisticated cyber risks. In parallel, regulations like the Digital Operational Resilience Act (DORA) are raising the bar for operational resilience and security across the financial sector.
Generic summary of role
The ING Global CISO’s Attack Surface Management (ASM) tribe will focus on reducing both the external and well as the internal attack surface of the entire ING organisation, by (automated) hardening of our assets against cyber threats with preventive controls and proactively identifying and remediating vulnerabilities. One of area belonging to the ASM tribe is the Center of Expertise (CoE) Offensive Security including Penetration Testing and Security Development \& Engineering Expert Team. Security Development \& Engineering Expert Team is globally responsible for the following activities:
- Providing specific analysis of security issues, confirming hypotheses, testing and certifying new technologies.
- Continuous monitoring of development environment, quality of tools, configurations etc. basing on results of security processes embedded into Security Development Lifecycle (SAST, DAST, IAST, SCA, VS, penetration testing and red teaming) and dedicated analysis on the most common vulnerabilities identified in code
- Providing training and awareness on secure coding practices for developers and security champions
- Providing consulting and expert knowledge on specific software issues and vulnerabilities, low quality of code, use of libraries and frameworks, specific security settings of application servers.
Secure Development Engineer reports directly to the Expert Lead Secure Development \& Engineering
Roles and responsibilities
The secure development engineer is responsible for:
- Providing analysis and monitoring of development environment, quality of tools supporting secure development and design, secure configurations etc. basing on results of security processes embedded into Security Development Lifecycle (Secure Design Reviews, SAST, SCA, Secrets, DAST, VS, penetration testing and red teaming) and dedicated analysis on the most common vulnerabilities identified in code
- Continuously supporting Global Security Champion Guild having a focus on secure development and engineering to ensure security is embedded by default into each IT or business product at all stages of their lifecycle (Exper Team Secure Development and Engineering)
- Delivering of security assessments of IT products, infrastructure, applications or 3rd party services as a mechanism to assess the effectiveness of cybercrime resilience controls in place to protect people, process and technology aspects of ING IT systems
- Providing technical expertise, analytical skills, documentation and coordination support to an expert team or to CoE’s service consumers
- Guiding towards best practices, industry standards and solutions to assure proper security design of IT\-Products, expected quality of code and security capabilities delivered out by CoE Offensive Security to assure security is embedded by default
- Providing training and awareness on secure coding practices for developers and security champions
- Maturing and further improving of the Security Champions capabilities and the Global Security Champions Guid
- Providing consulting and expert knowledge on specific software issues and vulnerabilities, low quality of code, use of libraries and frameworks, specific security settings of application servers.
- Providing accurate technical solutions for identified security issues and design flaws.
We hire smart people like you for your potential. Our biggest expectation is that you’ll stay curious. Keep learning. Take on responsibility. In return, we’ll back you to develop into an even more awesome version of yourself.
- Bachelor or Masters in information technology, cybersecurity or a related field
- Prior or current experience working as a Penetration Tester, Red Team or Cybersecurity consultant, Security Champion or developer with a focus on secure coding and system design (minimum 5 years)
- Hands on experience with testing devices, infrastructure or cloud, networks and applications (including testing web applications and APIs, mobile applications is a plus) and/or knowledge of secure coding aspects in at least one leading programming language (e.g. Java, C\#, NodeJS, C/C\+\+/Objective\-C, Python, GoLANG, SQL etc.)
- Experience with secure design reviews and threat modelling methodologies (e.g. STRIDE)
- Familiarity with AI\-driven systems, including Large Language Models (LLMs) and agentic applications, and understanding of their associated security risks and mitigation strategies
- Certificates like Offensive Certifications like OSCP, OSWP, OSWA, OSWE, Burp Suite Certified Practitioner, eWPT, SANS Offensive Operations Certificates like GIAC Certified Penetration Tester (GPEN) / Certified Expert Penetration Tester (CEPT) is a plus
- Strong knowledge of current security technologies and emerging trends in the area of cybersecurity
- Passionate about the field of Cybercrime resilience, secure coding practices, secure design and advanced security testing techniques
- Seamless ability to communicate technical issues in a technical and business language
- Ability to support yourself and other team members in development
- Ability to act autonomously, think out of the box and deliver actionable items
- Ability to establish lasting relations within the organization with engineering organization of ING
We want to make sure that it’s possible for you to strike the right balance between your career and your private life. Find out more about our employment conditions. (opens in new window)
The benefits of working with us at ING include:
- 25\-28 vacation days depending on contract
- Pension scheme
- 13th month salary
- 8% Holiday payment
- Hybrid working
- Personal growth and challenging work with endless possibilities
- An informal working environment with innovative colleagues
Curious about how ING empowers people and businesses to move forward?
Discover what we do and what we can offer you (opens in new window).
Questions?
Please visit our Frequently Asked Questions (opens in new window) section to find some answers on questions you might have.
Contact the recruiter attached to the advertisement. Want to apply directly? Please upload your CV and motivation letter .
Questions? Just ask
Elias Noya
ING’s vision is to unlock our people’s full potential through our inclusive culture where everyone has the opportunity to develop and have impact for our customers and society. To achieve this vision, our policies support diversity, equity, and inclusion. As an equal opportunity employer, we do not tolerate discrimination of any kind with regard to age, gender, gender identity, cultural background, experience, religion, race, ethnicity, disability, family responsibilities, sexual orientation, social origin, or any other status protected by applicable law. If you require any assistance or if we can accommodate you in any way when participating in our application and/or interview process, please email the recruiting contact listed for the relevant position. We will be happy to work with you to ensure a fair and accessible process. Read more about our commitment to diversity, inclusion and belonging here.
Deze vacature komt van indeed. Originele vacature bekijken ↗