Bank positions

Careers

Everyone is looking for employees; we are looking for people

Application Security Expert, Sofia

Head Office

DSK Bank is part of OTP Group – one of the leading banking groups in Central and Eastern Europe.

Our amazing company is following an ambitious journey, which requires bright and motivated people to build its successful future. This position is a fantastic opportunity for a professional to create value and develop within one of the largest banks in Bulgaria.

DSK Bank is hiring an Application Security Expert within its Information Security Department, reporting directly to the CEO. The role focuses on securing applications across their entire lifecycle, including design, development, testing, and release. It aims to reduce risks from vulnerabilities and requires strong expertise in application security, secure development practices, code review, and penetration testing, along with collaboration across technical teams.

Sofia, valid to
General duties
  • Participate in ensuring application security throughout the full lifecycle of applications — from requirements and design to deployment and maintenance;
  • Perform security reviews and assessments of internally developed and implemented applications;
  • Analyse source code and identify weaknesses, vulnerabilities, and security-related risks;
  • Participate in defining and implementing secure software development requirements;
  • Support development teams in adopting secure coding practices;
  • Perform or coordinate static and dynamic code analysis, security testing, and application security assessments;
  • Participate in penetration testing of applications before release into the production environment;
  • Identify, document, classify, and track vulnerabilities through to remediation;
  • Prepare remediation recommendations and advise development teams on secure implementation approaches;
  • Work closely with Development, Architecture, Infrastructure, DevOps, and Information Security teams to improve the overall security posture of applications;
  • Participate in the assessment of architectural solutions, integrations, API communications, authentication mechanisms, and access management controls;
  • Support the implementation and continuous improvement of application security processes, standards, and tools;
  • Prepare expert opinions, analyses, reports, and documentation related to application security. 


Requirements
  • University degree in Information Technology, Cybersecurity, Computer Science, Software Engineering, or another relevant field;
  • Minimum 3 years of professional experience in application security, secure software development, code review, penetration testing, or a similar role;
  • Hands-on experience in application security analysis and code security assessment;
  • Good understanding of application vulnerabilities, code security, and risks related to software development;
  • Experience working with development teams and/or participating in secure software development processes;
  • Ability to analyse and assess risks related to architecture, code, dependencies, and integrations;
  • Very good analytical, communication, and organisational skills;
  • Ability to work in a dynamic environment with multiple parallel tasks and tight deadlines;
  • Very good command of English, both written and spoken.

Required Technical Knowledge:

The candidate should have practical technical knowledge enabling them to assess the security of applications, code, and the related infrastructure environment, including:

  • Good understanding of programming and code logic;
  • Knowledge of different programming languages and technologies used in application development;
  • Practical knowledge of code review and code testing;
  • Knowledge of web applications, APIs, authentication, session management, cryptography, access management, and data protection;
  • Knowledge of application penetration testing;
  • Good understanding of common application vulnerabilities and methods for identifying and mitigating them;
  • Basic to good knowledge of operating systems, servers, databases, networks, and infrastructure dependencies;
  • Knowledge of security systems and tools used for testing, analysing, and protecting applications.

Practical Experience That Will Be Highly Valued:

  • Code review and secure code assessment;
  • Static Application Security Testing (SAST);
  • Dynamic Application Security Testing (DAST);
  • Software Composition Analysis (SCA);
  • Penetration testing of web, mobile, or backend applications;
  • Threat modeling and architectural security review;
  • DevSecOps practices and integration of security checks into the development lifecycle;
  • Experience with development environments, CI/CD processes, and automation tools;
  • Security assessment of APIs and system integrations.

Knowledge of Standards and Best Practices:

For this role, strong knowledge of the following will be considered an advantage:

  • OWASP Top 10;
  • OWASP ASVS;
  • OWASP SAMM;
  • principles of Secure SDLC;
  • secure coding best practices;
  • applicable requirements and standards related to software security and data protection;
  • best practices and frameworks in the area of application security and secure development.

The Following Will Be Considered an Advantage:

  • Experience in a bank or another highly regulated environment;
  • Experience with security testing tools and platforms;
  • Experience working on internally developed enterprise applications;
  • Experience with web, mobile, cloud, and API-based applications;
  • Experience in coordinating and/or performing penetration tests;
  • Knowledge of DevSecOps and integrating security controls into the development lifecycle;
  • Professional certifications in application security, penetration testing, or secure development;
  • Practical experience with different programming languages, frameworks, and architectural models.

Personal Profile:

  • Strong analytical thinking and technical curiosity;
  • High level of responsibility, precision, and attention to detail;
  • Ability to identify risks and propose practical, actionable solutions;
  • Ability to communicate effectively with developers, architects, DevOps, and security teams;
  • Proactive mindset and results orientation;
  • Ability to work confidently in an environment with high expectations and rapidly changing priorities. 


DSK Bank offers
  • Excellent opportunities for professional and career development in one of Bulgaria’s leading banks
  • Food vouchers in the amount of up to 102.26 EUR per month
  • 20+5 paid holiday leave
  • Additional Health Insurance
  • Annual bonus scheme depending on the achieved results
  • Favorable conditions for housing and mortgage lending, as well as for bank products and services
  • Preferential conditions for Multisport / CoolFit card
  • Discounts in various companies
  • Professional trainings for specific knowledge and skills
  • Refer a Friend Bonus
  • A key expert role with real impact on application security across the organisation;
  • Work on meaningful technology and cybersecurity topics with high added value;
  • Opportunity for professional growth in the areas of application security, secure development, and penetration testing;
  • Work in an environment with high standards, complex systems, and real challenges.

 

If this position sounds like the right fit for you, we’d love to receive your application. All applications will be treated with strict confidentiality. Only shortlisted candidates will be contacted.



Documents for application

CV

Apply

If the position matches your professional interests and skills, we will be glad to review your application.

By clicking the "Apply" button, you agree to the Terms for Processing of Personal Data and Submission of an Online Application.