Кариери

Всеки търси служители, ние търсим хора

CEO Office - Head Office Sofia

Sofia, valid to 31.01.2026

Lead, mentor, and develop a team of three AppSec specialists, including white hat hackers and DevSecOps engineers.
Set goals, manage performance, and foster a culture of continuous learning and innovation.
Recruit, train, and retain top security talent.

Establish and maintain the Secure Software Development Lifecycle (SSDLC).
Define security requirements, policies, coding standards, and AppSec governance processes.
Provide architectural guidance and conduct threat modeling for high-risk projects.

Integrate SAST, DAST, SCA, API testing, and container/IaC scanning into CI/CD pipelines.
Work with DevOps teams to design secure build and deployment pipelines.
Implement shift-left security and ensure automated quality gates are applied consistently.

Own the end-to-end vulnerability management process across applications and APIs.
Triage, classify, and track remediation of security findings in line with regulatory SLAs.
Produce metrics and dashboards for leadership, including KPIs and risk insights.

Oversee internal and external penetration testing initiatives (white-box, black-box, gray-box).
Coordinate red-team exercises and collaborate with ethical hackers to simulate real-world attacks.
Prioritize and manage remediation efforts with application owners.

Conduct security reviews, code audits, and risk assessments for new and existing systems.
Ensure compliance with DORA, NIS2, ISO 27001, PCI DSS, GDPR, and banking security standards.
Support audit activities, provide documentation, and implement corrective actions.

Deliver secure coding training to developers and stakeholders.
Stay current with emerging threats, technologies, and industry practices.
Partner with external vendors and regulators to strengthen the bank’s security posture.

Bachelor’s or Master’s in Information Security, Computer Science, or related field.
Certifications such as CISSP, CISM, GIAC (e.g., GCIH), CCSP, or cloud certifications are strong advantages.

5+ years in infrastructure or endpoint security, system administration, or related technical roles.
2+ years of team leadership or technical lead experience.
Experience in regulated environments—ideally financial services.

Strong knowledge of Windows/Linux security, network device hardening, virtualization platforms, and cloud security (Azure/AWS).
Experience with EDR/XDR, anti-malware, DLP, encryption, MDM, NAC, IDS/IPS, firewalls, and vulnerability scanning tools.
Familiarity with CIS Benchmarks, NIST standards, secure baseline development, and automation (PowerShell/Python).
Experience with SIEM tools (Splunk, ELK, Microsoft Sentinel).

Understanding of DORA, NIS2, ISO 27001, GDPR, PCI DSS, CER, and related frameworks.
Experience supporting regulatory audits and translating controls into technical requirements.

Strong leadership and people management abilities.
Excellent communication in Bulgarian and solid English (spoken and written).
Strong analytical, organizational, and problem-solving skills, especially during incidents.
Ability to work collaboratively across teams and clearly explain complex technical issues.

Excellent opportunities for professional and career development in one of Bulgaria’s leading banks
Food vouchers in the amount of up to 200 BGN per month
20+5 paid holiday leave
Additional Health Insurance
Annual bonus scheme depending on the achieved results
Favorable conditions for housing and mortgage lending, as well as for bank products and services
Preferential conditions for Multisport / CoolFit card
Discounts in various companies
Professional trainings for specific knowledge and skills
Refer a Friend Bonus