What do we do?

As a pioneer for digital transformation GFT develops sustainable solutions across new technologies – from cloud engineering and artificial intelligence to blockchain/DLT. With its deep technological expertise, strong partnerships, and comprehensive market know-how GFT offers advice to the financial and insurance sectors, as well as in the manufacturing industry. Through the intelligent use of IT solutions GFT increases productivity and creates added value for clients. Companies gain easy and safe access to scalable IT-applications and innovative business models.

Who are we?

Having started in Germany in 1987, GFT Technologies has grown to become a trusted Software Engineering and Consulting specialist for the international financial industry, counting many of the world’s largest and best-known Banks as our clients. We are an organization that empowers you to not only explore but raise your potential and seek out opportunities that add value. At GFT, diversity, equality, and inclusion are at the core of who we are. Ensuring a diverse and inclusive working environment for all communities is one of the main pillars of our diversity strategy, based on our core values and culture. We have been certified for 2022/23 as a ‘Great place to work’ in the APAC region. So, if you want to have the opportunity to work with an outstanding and progressive organization this position could be right for you.

Role Responsibilities

• Manage and execute security assessments for agile projects & ensure project timelines are met.
• Identify opportunities to automate and standardize information security controls and for the supported groups
• Analyze source code to mitigate identified weaknesses and vulnerabilities within the system
• Scan and analyze applications with automated tools, and perform manual testing if necessary
• Collaborate with application teams to ensure that any identified security vulnerabilities are remediated in a timely manner.
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behaviour, conduct and business practices, and escalating, managing and reporting control issues with transparency.
• Utilize Static & Dynamic Application Security Testing (SAST/DAST), Interactive Application Security Testing (IAST), and Component Vulnerability Management (CVM) tools such as Fortify, Snyk, BurpSuite, ZAP etc to uncover additional vulnerabilities 

Required Education & Experience 

Qualifications:

• At least 5-7 years of relevant experience in DevSecOps (worked with tools in the area of Static Analysis, Dynamic Analysis, Container Analysis, Third Party Library analysis/Software Composition Analysis…)
• Has experience in Pentesting in the area of infra/web/mobile/API
• Consistently demonstrates clear and concise written and verbal communication.
• Must have a strong understanding of Linux, Kubernetes, working knowledge of CI/CD process, Jira & Programming language Python for automation
• Has exposure in Vulnerability Management

Education:

• Bachelor’s degree/University degree or equivalent experience
• Master’s degree preferred

What can we offer you?

• Competitive salary
• 13th-month salary guarantee
• Performance bonus
• Professional English course for employees
• Premium health insurance
• Extensive annual leave