DSK Bank

Head of Application Security Team


The ad is published in the following categories:

  • Anywhere

    Tech Stack / Requirements

    DSK Bank is part of OTP Group – one of the leading banking groups in Central and Eastern Europe.

    Our amazing company is on an ambitious journey that requires bright and motivated people to build its successful future. This position is a fantastic opportunity for a professional to create value and develop within one of the largest banks in Bulgaria.

    The specific position we are looking to fill is: Head of Application Security Team

    General duties:

    Team Leadership & Strategy

    • Lead, mentor, and develop a team of three AppSec specialists, including white hat hackers and DevSecOps engineers.
    • Set goals, manage performance, and foster a culture of continuous learning and innovation.
    • Recruit, train, and retain top security talent.

    Application Security Governance

    • Establish and maintain the Secure Software Development Lifecycle (SSDLC).
    • Define security requirements, policies, coding standards, and AppSec governance processes.
    • Provide architectural guidance and conduct threat modeling for high-risk projects.

    DevSecOps & CI/CD Security

    • Integrate SAST, DAST, SCA, API testing, and container/IaC scanning into CI/CD pipelines.
    • Work with DevOps teams to design secure build and deployment pipelines.
    • Implement shift-left security and ensure automated quality gates are applied consistently.

    Vulnerability Management

    • Own the end-to-end vulnerability management process across applications and APIs.
    • Triage, classify, and track remediation of security findings in line with regulatory SLAs.
    • Produce metrics and dashboards for leadership, including KPIs and risk insights.

    Penetration Testing & Ethical Hacking

    • Oversee internal and external penetration testing initiatives (white-box, black-box, gray-box).
    • Coordinate red-team exercises and collaborate with ethical hackers to simulate real-world attacks.
    • Prioritize and manage remediation efforts with application owners.

    Security Assessments & Compliance

    • Conduct security reviews, code audits, and risk assessments for new and existing systems.
    • Ensure compliance with DORA, NIS2, ISO 27001, PCI DSS, GDPR, and banking security standards.
    • Support audit activities, provide documentation, and implement corrective actions.

    Training, Awareness & Innovation

    • Deliver secure coding training to developers and stakeholders.
    • Stay current with emerging threats, technologies, and industry practices.
    • Partner with external vendors and regulators to strengthen the bank’s security posture.

    Requirements:

    Technical Skills

    • Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
    • Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Secure Software Lifecycle Professional (CSSLP), Offensive Security Certified Professional (OSCP), or Certified Cloud Security Professional (CCSP) are highly desirable.
    • Fluency in English and Bulgarian, with excellent written and verbal communication skills to facilitate cross-functional collaboration and reporting.
    • Expertise in SAST, DAST, SCA, API testing, fuzzing, and mobile application security testing.
    • In-depth knowledge of OWASP Top 10, ASVS, API Security Top 10 and secure coding guidelines.
    • Experience with CI/CD pipelines (GitLab, Jenkins, Azure DevOps, GitHub Actions).
    • Understanding of container platforms (Docker, Kubernetes) and cloud-native security.
    • Strong understanding of application threat modeling and secure architecture principles.
    • Experience with vulnerability scanners, penetration testing tools (e.g., Burp Suite, Metasploit, Nessus), and code analysis platforms.
    • Proficiency in programming languages such as Java, Python, or .NET for code reviews and security scripting.

    Regulatory & Governance Skills

    • Strong knowledge of DORA (ICT risk, testing, change management), ISO 27001, NIS2, GDPR, and PCI DSS.
    • Ability to translate regulatory requirements into technical secure development controls.
    • Experience preparing for and responding to audits and inspections.
    • Skilled in risk assessment methodologies and developing compliance roadmaps.

    Leadership & Organizational Skills

    • Strong ability to lead technical specialists and drive cross-department collaboration.
    • Excellent prioritization, delegation, and project coordination skills.
    • Experience building AppSec roadmaps and maturity improvement plans.
    • Strong analytical and problem-solving abilities, with a focus on risk-based decision-making.
    • Exceptional communication skills for presenting complex security concepts to non-technical stakeholders, including executive reports and training sessions.

    DSK Bank offers:

    • Excellent opportunities for professional and career development in one of Bulgaria’s leading banks
    • Food vouchers in the amount of up to 102.26 EUR per month
    • 20+5 paid holiday leave
    • Additional Health Insurance
    • Annual bonus scheme depending on the achieved results
    • Favorable conditions for housing and mortgage lending, as well as for bank products and services
    • Preferential conditions for Multisport / CoolFit card
    • Discounts in various companies
    • Professional trainings for specific knowledge and skills
    • Refer a Friend Bonus

    If this position sounds like the right fit for you, we’d love to receive your application. All applications will be treated with strict confidentiality. Only shortlisted candidates will be contacted.