Get discovered

Mambu's story
Open positions
Are you up for a challenge?

We are hiring

Job description

Mambu is the leading SaaS core banking engine. If you’re a customer of the largest digital bank in the EU, then you’ve probably interacted with our platform and didn't even know it. We are at the heart of what makes digital banks and lenders work - the system that processes banking transactions and updates accounts and other financial records from deposits to loans and credit balances. But we are different. We are not just cloud-native, lean and flexible - we are helping to revolutionise financial services globally. We are in a growth phase and we’ve only just begun.

To help us on our mission, we bring together people with the best skills and attitude. It doesn’t matter where you are from, what matters is the impact you have and your passion to make a difference.

To continue our success story we are looking for an Application Security Engineer to implement, enhance and manage security technologies, practices and training that support the mission to protect Mambu’s services and the information managed by its services from an application perspective You'll enable engineers autonomy on security concerns management and fix through education. Furthermore, you will strongly collaborate with Banking Engine Tribe engineers to evangelize by example: on detection, analysis, understanding, mitigation, and permanent fix of vulnerabilities. Governance over internal policies, contractual, legal and regulatory obligations.

What you'll be working on:

  • Assure trusted Mambu deliverables through internal activities

  • - Collaborate to secure software design and implementation practices definition
    - Define threat models, perform risk analysis and mitigation workshops with stakeholders of new capabilities or - product changes that may impact security (pre-implementation)
    - Support teams that develop new capabilities in assessing their security maturity (security readiness check) through workshops
    - Implement tooling to detect security vulnerabilities (during implementation) and integrate them seamlessly in the SDLC together with the Release team & enhance and manage them continuously
    - Implement, enhance and manage remediation processes for various scanning types (OSA, SAST, IAST, production identified vulnerability issues - during & post implementation)
    - Clarify and prioritize the security scope captured in contractual agreements or regulatory obligations to rapidly be market relevant and trusted, not perfect.
    - Document application security controls and explain them in internal and external security audits
    - Review changes inside the product organization (e.g. structure, processes) with an impact to software security

  • Assure trusted Mambu deliverables through engagement with external experts

  • - Advice on external penetration test to ensure pentesters have a running system, know what to focus their test on and support them during the testUnderstand and triage reported vulnerabilities from different sources to respective teams
    - Advice on vulnerability rating for reported vulnerabilities from different sources to respective teams
    - Support teams by consulting on ways to fix vulnerabilities including their root cause

  • Engineers trained on security matters

  • - Design and deliver training for security engineering awareness & adoption
    - Design, maintain and deliver security practices to assure engineers can assess and fix vulnerabilities independently, understand attack vectors and possible vulnerabilities, can detect, mitigate, permanently correct and prevent security issues on all stages of the SLDC.
    - Design and deliver training for security tooling 
    - Evangelize security practices
    - Coordinate table-top exercises for security incidents
    - Pair analysis for vulnerability confirmation & mitigation paths
    - Pair programming for security aspects of new features, vulnerability mitigation or permanent fix
    - Enable teams’ autonomy on security assurance in alignment with product security team’s agreements & practices
    - Implement, enhance, manage metrics and dashboards demonstrating security posture and event activity

    You need to have:

  • Knowledge of information security principles (ie. Confidentiality, Integrity, Availability) and their application in SaaS solutions (ie. cloud computing, web applications, networking). 
  • Knowledge of secure coding practices. 
  • Experience in conducting information security risk assessments for distributed, complex systems. 
  • Experience working in research and development environment
  • Automation comes first. Constantly working on increasing security and adjusting practice and processes to support continuous flow and business delivery.
  • Hands on background in software engineering
  • Curiosity and desire to find the truth comes first in every interaction. Not afraid to make mistakes and not to be always right. Asks more questions than provides statements
  • Driven by taking things apart
  • Suggests and implements changes based on “connecting the dots” on things that come up repeatedly. Find creative elegant solutions for issues in close collaboration with the teams without introducing security as a blocker
  • The ability to thrive in fast-paced environments. Maintains stable performance and can-do attitude when under pressure or stress. Prepares team with “fire drill exercises” to do the right thing when there is “fire”
  • Does not cut corners with regards to ethics. Earns trust and maintains confidence. Does what is right. Speak plainly and truthfully
  • Compensation and benefits:

  • Competitive salary;
  • Flexible working hours;
  • Pre-paid parking ticket at Palas / Monthly bus pass;
  • Monthly digital meal tickets;
  • Easter and Christmas gift tickets;
  • Private Health Insurance;
  • 21 days of holiday;
  • Summer schedule (4-days/week);
  • Therapeutic massage;
  • Sports package;
  • Eye glasses vouchers;
  • Fruits, coffee, tea, sweets, popcorn machine and many others;
  • Standup Desk in a very modern office and access to the best logistics;
  • Professional career growth by providing access to training and conferences.
  • Why Mambu?

  • Mambu has over 250+ live deployments, helping to revolutionise financial services in more than 46 countries globally, and we're just getting started;
  • We understand nothing ensures our customers' success more than a happy team, so Mambu is built on a culture of trust and a sense of ownership in everything we do;
  • Mambu proactively takes the initiative to improve the industry for the better;
  • Mambu is using top tool for development activities;
  • Because you want more, you want to know how your lines of code impact the world.
  • Why Mambu?

    About us

    Mambuvians come from over 30 countries across six continents. Over the years we have become increasingly diverse in perspectives and ideas. To us, diversity is a company-wide value, and a strategy to boost productivity and to leave a positive, global impact on our industry. From Europe to Asia, and the Americas - Mambuvians are experts at collaborating globally.

    We are a no nonsense company that loves a good challenge and is fostering a culture of a great work-life balance. Our perks range from a 4-day-working-week in summer, to extraordinary team getaways.

    Building on collaboration and trust, we created a true ownership culture, which is integral to our success. We help and empower each other to make decisions that can have a lasting impact on our business, and influence thousands of customers and millions of their end users world-wide. Are you up for it?

    Why us?