Security Specialist

About us:

The Digital & Data department of Íslandsbanki is a collaborative group of software development professionals who work together following best practices and processes to deliver high-quality software solutions and capabilities.

• We believe in agile methodologies and cross-team synergy in product ideation and delivery
• We reach our development goals by encouraging team autonomy, employing a modern technology stack and automated processes, deployment pipelines, testing, and quality gates

As a Security Specialist, you will take ownership of security assessments, risk management, and process implementation in compliance with key regulations, including DORA, PSD2, and ISO27001. You will work closely with cross-functional teams to embed security practices in the development lifecycle, ensure an effective response to security incidents, and drive continuous improvement across the bank's cybersecurity strategy.

Responsibilities:

• Security Testing: Perform static (SAST), dynamic (DAST), interactive (IAST), and mobile application security testing (Android and iOS). Work with teams to implement fixes and improve security posture.
• Secure Code Review: Review code for security flaws and ensure alignment with coding standards and best practices. Integrate security into the software development lifecycle.
• Security Training: Lead security training initiatives for developers, QA teams, and other stakeholders to foster a culture of security awareness.
• Vulnerability Identification and Remediation: Regularly assess IT systems for security vulnerabilities. Collaborate with development teams to remediate identified risks through secure coding practices, dynamic testing, and other mitigation techniques.
• Compliance Management: Ensure that security processes align with regulatory frameworks (DORA, PSD2, ISO27001) and conduct regular audits and assessments to maintain compliance.
• Threat Modelling: Analyse applications and systems to identify potential threats and attack vectors. Develop and maintain threat models to prioritize security efforts.
• Incident Response: Participate in incident response activities by investigating, containing, and mitigating security breaches, working closely with response teams.
• Cross-Team Collaboration: Support cross-organizational efforts to develop security standards and processes. Work with stakeholders to promote secure development practices across the organization.
• Process Improvement: Continuously refine security assessment and risk management processes to improve efficiency and effectiveness.
• Stakeholder Communication: Build positive working relationships with stakeholders and leadership, providing clear insights and guidance on security matters.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience.
• 4+ years of experience in cybersecurity, application security, or a related field.
• Proven experience working with cross-functional or cross-team security projects.
• Familiarity with regulatory standards and frameworks such as DORA, PSD2, and ISO27001.
• Strong analytical and problem-solving skills, with the ability to think creatively and drive security improvements in a dynamic environment.
• Ability to collaborate effectively with technical and non-technical teams, with strong communication and influencing skills.
• Relevant application security certifications are highly desirable.
• Experience with cloud computing, networking, cloud application design, and development processes.
• Proficiency in program management and the ability to handle multiple projects simultaneously.
• Understanding of modern AppSec, DevSecOps and SecOps practices.
• Self-motivated and able to work independently with limited supervision.

What do we offer?

Self-development:

• Upskilling trainings
• Up to 10% of your week dedicated to self-development
• Conference and education budget – you name events
• Icelandic language courses during working hours

Physical wellbeing:

• Multisport card
• Healthcare plan
• Life insurance policy
• Restaurant pre-paid card
• On-site restaurant and fully equipped kitchen including healthy snacks and breakfasts/coffee/refreshments

Work arrangement:

• A competitive salary 23k-28k net on B2B contract
• 25 days 100% paid time off (B2B)
• Premium hardware (PC, screens, headphones)
• Company phone
• Flexible work schedule, emphasis on work-life balance
• (Almost) Remote work model. We ask you to participate in 2-3-day all team workshops/on site work in the office that happen in general every 3 months.
• Modern office in the center of Warsaw in CIC, offering yoga, game and wellness rooms, rooftop terrace, children's playroom, events and networking
• Occasional business travel to Iceland with some extra days on-site to visit the island
• Social events and team building activities

Recruitment Process:

We want to make sure our recruitment process is clear and transparent, so here's what you can expect:

1. Initial Call (30 minutes)
   This first conversation is an opportunity for us to introduce the company and the role, and for you to share more about yourself. It's a chance for us to get to know each other better in a relaxed, informal setting.
2. Technical Interview with the Hiring Manager
   If we move forward, you'll meet with the hiring manager. This stage involves a deeper dive into the technical aspects of the role, as well as the specific tasks and challenges you'll be working on. You'll also learn more about the team structure and dynamics.
3. Technical Test (if applicable)
   In some cases, we may include a short test to assess specific knowledge or skills related to the role.
4. Team Interview
   Next, you'll have the opportunity to meet some of your potential team members. This step focuses on culture fit and collaboration within the team.
5. Final Interview with the Polish Team Manager
   In the last step, you'll have a conversation with the manager of the Polish team. This is usually the final discussion before moving forward with an offer, which we hope to extend soon after

• We're excited to guide you through this process and are looking forward to potentially welcoming you to our team