Application Security and Vulnerability Management Manager

About:

Yapı Kredi Technology is a technology company that produces innovative, high quality, and high value-added products and solutions in the finance sector. With more than 2,000 employees, it aims to create products that will shape the sector for Yapı Kredi Bank and to be the undisputed leader in the field of technology by using modern architectural systems and cloud technologies. It also contributes to the development of new and exemplary products for the sector by using natural language processing, machine learning, artificial intelligence, and data mining technologies with its R&D team.


Who We Are:

At Yapı Kredi Technology, we research with passion, wonder as we learn, and implement innovations that shape the future together. We take responsibility from the first day with our expert colleagues and work with all our strength for pioneering applications. We make quick decisions and take action. We quickly adapt to innovations and changes.


What Do We Offer:

📌 Opportunity to work in hybrid model

💻 Opportunity to work in Koç Group Community Companies' offices

🌴 Chance to discover the natural wonders and amenities offered at Koç Topluluğu Spor Kulübü (KTSK)

🚀 Career development opportunities in a structured technology career path

💫 Opportunity to benefit from BizClub and KoçAilem privileges exclusive to Yapı Kredi Technology employees

🤝 Company-contributed individual retirement insurance

🎂 Birthday off day



In this leadership role, you will be responsible for leading both Application Security and Vulnerability Management teams at Yapı Kredi Technology. Your responsibility will be to define and manage the strategy for all technical security processes, from proactively securing the corporate infrastructure (on-premise, cloud, container) to ensuring that applications (web, mobile, API) are developed in accordance with Secure Software Development Lifecycle (Secure SDLC) principles.


  • Manage the Application Security (AppSec) Program: Define the Secure SDLC strategy; contribute to Threat Modeling and design review processes.
  • Direct DevSecOps Strategy: Manage the integration of security tools (SAST, DAST, SCA, IAST) into CI/CD pipelines and lead the automation of security testing.
  • Manage the Vulnerability Management Program: Strategically manage the corporate vulnerability management program covering the Bank's hybrid (on-premise, cloud, container) infrastructure, overseeing scanning, analysis, risk prioritization, and remediation processes.
  • Lead Offensive Security Operations: Determine the scope and strategy for all internal and external penetration testing operations (web, mobile, API, network). Plan and manage Red Team and Purple Team exercises as needed.
  • Technical Leadership and Mentorship: Mentor the technical and professional development of the team, which consists of both application security and infrastructure security experts; set performance goals and support their career paths.
  • Risk and Reporting: Analyze technical vulnerabilities by translating them into business risk, negotiate remediation plans with relevant teams (DevOps, Software Development, Infrastructure), and provide strategic reports to senior management.
  • Technology and Automation Roadmap: Ensure the effective management of security tools in your areas of responsibility (Vulnerability Management, SAST/DAST/SCA/IAST tools, etc.) and drive automation opportunities (using Python, PowerShell, etc.).
  • Security for AI: Integrate robust security controls into the AI development lifecycle to ensure data integrity, model resilience, and regulatory compliance.
  • AI for Security: Leverage AI and machine learning to enhance security automation and vulnerability management processes.


Qualifications:

  • Bachelor’s degree in Computer Engineering, Electronics Engineering, Communication Engineering, Mathematics or relevant fields is a must.
  • Master’s degree in cyber security or in a relevant field is a plus.
  • 9+ years of total experience in cyber security, with at least 3+ years of experience in leading or managing a technical cyber security team (AppSec, PenTest, Vulnerability Management, etc.).
  • Deep technical knowledge in both of the following areas:
      • Application Security (AppSec): Expertise in Secure SDLC, DevSecOps, Threat Modeling, OWASP Top 10, and application penetration testing (web, mobile, API).
      • Vulnerability Management: Expertise in vulnerability management programs (Nessus, Tenable, Qualys, etc.), network architectures, and infrastructure penetration testing.


  • Proficiency in the security dynamics of Cloud (Azure preferred) and Container (Kubernetes, Openshift, Tanzu) architectures and the vulnerability management processes for these environments.
  • Experience with CI/CD processes (Jenkins, GitLab CI, etc.) and the integration of security tools (SAST, DAST, SCA, IAST) into these pipelines.
  • Possession of a managerial security certification such as CISSP or CISM (Strongly preferred).
  • Possession of one or more technical and offensive security certifications such as OSCP, OSWE, GPEN, GWAPT, GCSA (Strongly preferred).
  • Knowledge of scripting languages (Python, PowerShell, etc.) at a level sufficient to lead security automation processes.
  • Excellent time management and organizational skills.
  • Advanced reporting and communication skills, with the ability to present complex technical findings clearly to senior management and business units.
  • Strong negotiation skills, strategic thinking, and the ability to manage inter-team collaboration at the highest level.
  • Excellent command of written and spoken English.



Candidate Selection Process:

Our recruitment process for all positions typically encompasses technical interviews, a C-level interview, competency evaluations, and personality tests. We will extend our offer to candidates who have successfully completed the evaluation process with a positive result.


If you would like to get to know more about Yapı Kredi Technology, you can follow us! 🚀


https://www.ykteknoloji.com.tr

https://medium.com/yapi-kredi-teknoloji


You can find your rights arising from the processing of your personal data under the Personal Data Protection Law No. 6698, along with detailed information on this subject, in our disclosure notice at https://kariyerim.yapikredi.com.tr/Account/StaticKvkk.
