Application Security implementation Expert

ProCredit Bank Bulgaria is part of the international ProCredit group, which is headquartered in Frankfurt, Germany. We are a flexible and innovative bank. We are pioneers in the modern and pragmatic banking solutions, personally tested by us, that have positive impact for our customers. We are constantly optimizing our processes, improving the customer experience every day. We stand out with convenient and fast digital banking, clear and transparent conditions, high quality of service. For us, the topic of environmental protection, social responsibility and people’s education is not a trend, but a permanent attitude. We believe that people are the engine of change and the instigator of innovation.

ProCredit Bank is looking to hire an employee for the position of an Application Security implementation Expert.

Responsibilities:

• Microsoft Products Security Coding Knowledge to configure policies for the Applicable APIs
• Implement, improve, maintain and operate DAST
• Conduct security assessments of internal and third-party applications, including code reviews, penetration testing, and threat modeling
• Integrate security practices into the DevOps / CI-CD pipeline (DevSecOps)
• Collaborate with developers to ensure secure coding practices and assist in remediating identified vulnerabilities
• Monitor applications for new and emerging threats, and respond to security incidents
• Support compliance with internal policies, GDPR, ISO 27001, and regulatory frameworks (e.g., EBA, PSD2, NIS2)
• Participate in the design and implementation of security standards and controls related to application development and integration
• Deliver training and awareness sessions to developers and other stakeholders on secure development practices
• Support vendor assessments and evaluate third-party software for security risks

Requirements:

• Bachelor’s or Master’s degree in Information Security, Computer Science, or related field.
• 4+ years of experience in application or software security, preferably in a financial institution or regulated environment
• Strong knowledge of secure software development practices (OWASP Top 10, CWE/SANS Top 25)
• Experience with application security tools: SAST, DAST (e.g., Burp Suite, OWASP ZAP), and SCA tools
• Deep knowledge of programming languages (e.g., Java, C#, Python, JavaScript) and web/mobile app architectures
• Knowledge of container security and cloud security practices (Azure, AWS, or GCP).
• Understanding of SDLC, Agile, DevOps, and CI/CD environments
• Analytical mindset with strong problem-solving skills
• Excellent communication and collaboration skills

Certifications (a plus):

• CSSLP, OSCP, Microsoft Cybersecurity Architect Expert or other relevant security certifications

Our offer:

• Working in a dynamic international environment
• Professional growth in a motivated team
• Flexible working time (from 7:30-09:00 a.m. to 16:30-18.00 p.m.)
• Training opportunities
• Home office option
• Social benefits: 25 days annual paid leave, additional health insurance, Multisport card, transportation cost amount, additional amount for summer vacation and heating season, preferential conditions for products and services in the bank and preferential fees for education at Denis Diderot School – the private school of the bank

Only short-listed candidates (selected on submitted CV) will be invited to the upcoming stages of the selection process.

Your application will be treated with strict confidentiality and in compliance with the legal requirements for personal data protection.