Job Summary
We are seeking a highly skilled and experienced Senior Cybersecurity Engineer to lead a comprehensive range of Red Team, Blue Team, and Purple Team activities within our bank's security operations. The ideal candidate will possess advanced knowledge in penetration testing methodologies across various domains including network, application, cloud, and Active Directory environments. Additionally, the candidate should be proficient in scripting and programming languages to automate penetration testing processes within CI/CD pipelines. Exposure to SecOps, MLOps, and MLSecOps, along with the ability to assess AI-based threats, attacks, and vulnerabilities is also essential for this role.
Key Responsibilities:
• Conduct penetration testing and intelligence gathering using OSINT resources.
• Analyze vulnerabilities and identify attack vectors, including social engineering tactics.
• Perform red team, blue team, and purple team activities, collaborating to enhance security effectiveness.
• Monitor security events, investigate incidents, and develop security playbooks.
• Evaluate security controls, develop metrics, and provide guidance on improvement efforts.
• Prepare detailed reports customized to engagement scopes, outlining vulnerabilities and recommendations.
• Ensure reports are thorough, accurate, and actionable, providing insights for stakeholders.
• Collaborate with teams to implement remediation measures based on identified vulnerabilities
Key Responsibilities
Tools and Technologies:
• Experience with scripting and orchestration including Terraform
• Experience with Python, Go, Java, or Ruby
• Experience working with DevOps tools, for ex. Bitbucket, Jenkins and Artifactory
• Experience in DevSecOps pipeline security tools, for ex. OPA, Sentinel
• Experience with Public Cloud platforms, for ex. AWS, Azure or GCP
• Experience in API layer like security, custom analytics, throttling, caching, logging, monetization, request and response modifications etc.
• Experience with Container platforms, for ex. Kubernetes, OpenShift, EKS, AKS or GKE
• Experience in Security automation using Cloud services, like AWS Lambda or Step Function
• Experience creating Splunk use cases (SIEM) and Splunk query language
• Good understanding of software development methodologies, such as Agile and running Scrum
• Critical thinking and problem-solving skills
• Communication skills and Decision-making
Skills and Experience
Strategy
· Awareness and understanding of the TTO’25 business strategy and model appropriate to the role. Support and the enablement of the Central Monitoring & Observability strategy, goals and objectives by developing prioritized features aligned to the Catalyst and Tech Simplification programmes.
Business
· The Monitoring & Observability Platform team is a global team ensuring the design, development, delivery & support of the bank’s central monitoring and observability services for all TTO teams (technology domains).
· The ideal candidate will possess a deep understanding of in one or more of the platform technologies (Elastic Observability, Grafana Observability or ITRS Geneos) and its other required capabilities, such as Kafka messaging, database management, enabling the design, development, implementation, and management of the central solution, integrating advanced technological tools and techniques, and overseeing large-scale enterprise-level implementations.
Processes
· As an Observability Engineer, you will play a crucial role in ensuring the stability, reliability, and performance of our applications and platform, thereby enabling our organization to deliver exceptional services to our internal stakeholders by adhering to the Enterprise SDLC (eSDLC) framework and guidelines.
People & Talent
· Actively engaging in stakeholders’ conversations, providing timely, clear and actionable feedback to deliver solution within timeline.
Our Ideal Candidate
· Bachelor's or Master’s degree in Computer Science, Information Security, or related field.
· 10+ years of experience in penetration testing, red/blue/purple teaming, or related roles.
· Certifications: CEH, CompTIA PenTest+, OSCP, GPEN, CCPT, CMWAPT, etc.
· Cloud or Container Certifications like CKA, AWS SA, AZ-500, TF Associate
· Cyber Security Certification like CISSP, CCSP, CCSK, CEH, CompTIA PenTest+, OSCP, GPEN, CCPT, CMWAPT
· Proficiency in scripting languages (Python, Ruby, Perl) and shell scripting.
· Hands-on experience on Malware Analysis and Reverse Engineering
· Strong understanding of CI/CD pipelines, SecOps, MLOps, and MLSecOps methodologies.
· Excellent communication, report writing, and presentation skills.
· Exposure to banking or financial services industry is advantageous.
· Candidate should be aware of the following tool list: Metasploit, Nmap, Burp Suite, Wireshark, John the Ripper, Hydra, Cobalt Strike, Bloodhound, Empire, Nessus, Qualys, Splunk, ELK Stack (Elasticsearch, Logstash, Kibana), Sysinternals Suite, Snort, Suricata, Zeek (formerly known as Bro), Security Onion and SecOps monitoring KQL/JQL queries.
· Continuous learning mindset with dedication to staying updated on cybersecurity trends.
· Strong analytical and critical thinking skills are essential for high-pressure situations.
· Added advantage if have exposure to Bug Bounty, and any CVEs in name.
· If you possess the required skills and are passionate about pushing the boundaries of cybersecurity, we encourage you to apply for this exciting opportunity. Join us in safeguarding our organization against evolving cyber threats and driving innovation in security operations.
Role Specific Technical Competencies
· Public Cloud Engineering and Architecture
· API Frameworks
· IAM (RBAC, ABAC) and Secrets Management
· Threat Modeling (Manual / Automation) with Framework STRIDE, MITRE
· Penetration Testing (Cloud, Container, On-premise)
· Azure / AWS Public Cloud
· Python, Go Lang, Java / .NET
· Red, Blue & Purple Teaming
· PowerShell, Azure CLI
· DevSecOps Capabilities (SAST, DAST, SCA, CodeSign)
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
· Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
· Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
· Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
· Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
· Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
· Flexible working options based around home and office locations, with flexible working patterns.
· Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
· A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
· Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
Recruitment Assessments
Some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.
Visit our careers website www.sc.com/careers