Santander Digital Services
Application Security Lead - SDS
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Santander Digital Services
Santander Digital Services is a division within the Santander Group dedicated to enhancing financial services through technology and innovation. With a team of over 8,000 professionals, including data analysts, developers, and cybersecurity experts, the company collaborates with various business units to create technology-driven solutions that improve service quality and customer experience. The division plays a key role in Santander's technological transformation, utilizing a tech stack of more than 300 technologies and partnering with over 70 organizations globally. It operates in over 32 languages and employs a diverse workforce from more than 40 nationalities. Santander Digital Services focuses on building and maintaining digital banking platforms, including the cloud-based core banking platform called Gravity, which allows for rapid functionality updates and supports millions of transactions annually. The company serves a wide customer base, primarily Santander's retail and commercial banking clients in Europe and the Americas. Its digital solutions aim to simplify banking and enhance customer interactions, while also supporting global initiatives in education, employability, and entrepreneurship.
Security at Santander Digital Services
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Stated AppSec Mission: Information not publicly available. Developer Enablement vs. Gatekeeping: Information not publicly available. Risk Philosophy: Our cyber defence approach is based on a model consisting of various towers or defensive walls: Protect, Detect, Respond and Fraud Prevention. At Santander, we take the online security of both our customers and society in general very seriously. We are committed to maintaining effective security through state-of-the-art security infrastructure, always seeking a balance between the robustness of our systems and the best customer experience across all our channels. Stated Pain Points or Goals (Verbatim): Cyber threats are constantly increasing, so we also need to make sure we are always up to date. Gaps & Contradictions: Specific AppSec mission, developer enablement approach, and detailed AppSec-specific risk philosophy are not explicitly stated. The available information focuses on general cybersecurity for the broader Santander entity.”
Security Team
Org Structure & Reporting Line: Santander Digital Services is the team of technology and operations at Santander. We are the Santander global Technology and Operations (T&O) team. Key Public-Facing Leaders: Hazel Diez Castaño, Global Chief Information Security Officer, Cybersecurity and Fraud Prevention, Banco Santander. Key Quote: Hazel is the global Chief Information Security Officer (CISO) of Santander since June 2023, responsible for managing the cybersecurity teams and services throughout the Group. Team Size Estimate (as_of:): ~9,200 people (for Santander global Technology and Operations (T&O) team). Active AppSec Job Postings (as_of:): Count: 0 (No specific "Application Security"or "AppSec"roles found for Santander Digital Services). Common Skill/Tool Patterns: Experience in Oauth 2. using the right grant types lilke authoirzation code, client credentilas, jwt bearer and token exchange flows. Experience on different type of auth server products like PingFederate, ForgeRock or Okta or SailPoint. Knowledge directory services systems (Entra ID, Active Directory, LDAPs…). 1+ year of direct experience with Cloud Security Posture Management (CSPM) tools and cloud platform hardening. Hands-on experience with Cloud Security Posture Management (CSPM) tools such as Sysdig, Wiz, or equivalent. Gaps & Contradictions: No specific AppSec team leaders were identified. The team size for AppSec specifically is not publicly available. No job postings explicitly for "Application Security Engineer"or similar roles were found for Santander Digital Services, though general IT Security roles exist.
Key Initiatives
Security Champions Program: Status: No Evidence Found. 'Shift Left' in Practice: Information not publicly available. Vulnerability Management Process: Intake: Our cyber defence approach is based on a model consisting of various towers or defensive walls: Protect, Detect, Respond and Fraud Prevention. Triage/Remediation: The Respond tower investigates and responds to cyber attacks in order to limit their impact. Secure SDLC Artifacts: When software is developed with security and robustness in mind from the start, it reduces the risk of vulnerabilities and downstream failures. Recent Initiatives (Last 6 Months): We collaborate with top universities and organise bootcamps and Capture the Flag (CTF) challenges to share knowledge. We invest in ultra-specialised companies to form strategic partnerships and drive innovation in this field. Gaps & Contradictions: Specific details on AppSec-focused security champions programs, concrete "shift-left"practices, and detailed vulnerability management processes (e.g., SLAs, MTTR, ticket ownership) are not publicly available for Santander Digital Services. The initiatives mentioned are more general cybersecurity training and partnerships.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.