
Lead, Cyber Security

Standard Chartered Bank

Job Summary

We are seeking a highly motivated and experienced Cloud Security Hands-On Engineer to join SCB. The Cloud Security Hands-on Engineer will be responsible for designing, developing, implementing, and maintaining information systems. This will include developing a deep understanding of our cloud architecture, identifying and mitigating potential security threats and vulnerabilities, and collaborating with other teams to ensure our security measures are effective.

· 8+ years of Information Security or engineering experience.

· 2+ years of direct experience in at least one Public Cloud (AWS or Azure).

· Work closely with Product Security, Engineering, Operations, and Corporate Security to define security strategy and execute on it. Implementing automation to enable developers to easily consume security services.

· Improve the accessibility of security through automation, continuous integration pipelines, and other means. Designing a secure application-release automation process to make security an integral part of the CI/CD pipelines.

· Enforce standard methodologies, processes and tools and ensure compliance to enterprise architecture, global information security policies and engineering strategy.

· Validate adherence to AWS and Azure governance standards for policy definitions, role-based access controls, ARM Templates, resource groups and Azure Blueprints.

· Identify security tools and lead operationalization of solutions from POC to Production, e.g. API Threat Protection, Container Security, etc. Streamline POC processes.

Key Responsibilities

· Work with SRE and Engineering to implement a chaos-testing methodology and toolkit. Integrating security tools issue tracking with Jira.

· Implement automation for investigation and response workflows for Automated Incident Response.

· Interview, hire, and create on-boarding plans for new or transferred employees.

· Encourage others to seek opportunities for different and innovative approaches to addressing problems; facilitate the implementation and acceptance of change.

· Produce and streamline audit evidence.

· Stay current on threats, vulnerabilities, and controls.

· Familiarity with SecOps processes i.e., detection, monitoring, alerting and threat intelligence.

· Hands-on proficiency in scripting and coding using Bash, Python, IaC (Terraform, CloudFormation, Azure ARM).

· Participate in the entire lifecycle of software development, including requirements analysis, design, development, testing, deployment, and maintenance (tools like JUnit, Postman, Burp, Terratest, Sentinel, Misconfig test, OPA, etc.).

· Hands-on experience in infrastructure provisioning, configuration of provisioned infrastructure, deployment of applications, and plugins such as TFLint, Checkov, Docker Linter, docker-vulnerability-extension, Security Scan, Contrast Security, etc.

· Extensive knowledge in analyzing the contents and the build process of a container image in order to detect security issues, vulnerabilities or potential risks. Open-source tools such as Dagda, Clair, Trivy, Anchore, etc., can be leveraged for container image analysis.

· Familiarity with open-source tools such as Jenkins, which can be leveraged to build the CI/CD pipelines, and DefectDojo and OWASP Glue, which can help tie the checks together and visualize the check results in a single dashboard.

· Hands-on experience with open-source tools such as truffleHog, git-secrets, GitGuardian and similar, which can be used to detect vulnerable management of secrets.

· Expert knowledge with integrating crucial security tasks into CI/CD pipelines.

· Strong knowledge of software development methodologies and the software development lifecycle.

· Strong knowledge of container security and secrets management.

· Working experience with configuration management.

· Experience with Azure technologies in general, such as Service Fabric, Application Service Environment, Azure Kubernetes Service, Azure DevOps, Azure Monitor, Azure Sentinel, Azure Defender Suite, Azure SQL, Cosmos, Azure APIM, Azure AD, Azure OMS/Application Insights, Global Traffic Manager, etc.

· Experience with AWS technologies, such as CodePipeline, CodeBuild, CodeDeploy, CodeStar, Guardrails, Amazon ECS, AWS Lambda, etc.

Our Ideal Candidate

· 8+ years of Information Security or engineering experience.

· 2+ years of direct experience in at least one Public Cloud (AWS or Azure).

· Experience with scripting and orchestration including Terraform

· Experience with Python, Go, Java, or Ruby

· Experience working with DevOps tools, e.g. Bitbucket, Jenkins and Artifactory

· Experience in DevSecOps pipeline security tools, e.g. OPA, Sentinel

· Experience with Public Cloud platforms, e.g. AWS, Azure or GCP

· Experience with API-layer capabilities such as security, custom analytics, throttling, caching, logging, monetization, request and response modifications, etc.

· Experience with Container platforms, e.g. Kubernetes, OpenShift, EKS, AKS or GKE

· Experience in Security automation using Cloud services, like AWS Lambda or Step Function

· Experience creating Splunk use cases (SIEM) and Splunk query language

· Cloud or Container Certifications like CKA, AWS SA, AZ-500, TF Associate

· Cyber Security Certification like CISSP, CCSP, CCSK

· Good understanding of software development methodologies, such as Agile and running Scrum

· Critical thinking and problem-solving skills

· Communication skills and Decision-making

Role Specific Technical Competencies

· Public Cloud Engineering and Architecture

· API Frameworks

· IAM (RBAC, ABAC) and Secrets Management

· Threat Modeling Frameworks (STRIDE, MITRE)

· Azure / AWS Public Cloud Threat Modeling (Manual / Automation)

· Python, Go Lang, Java / .NET

· Infrastructure as Code

· PowerShell, Azure CLI

· DevSecOps Capabilities (SAST, DAST, SCA, CodeSign)

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

· Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do

· Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well

· Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

· Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.

· Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.

· Flexible working options based around home and office locations, with flexible working patterns.

· Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits

· A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.

· Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Recruitment Assessments

Some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.

Visit our careers website www.sc.com/careers

✱   This job post has expired   ✱
