About The Team
We are the bank's security engineering team. Our mission is simple: we make sure that we build and leverage secure systems and operate them securely at production scale. Our engineering teams move fast and are constantly innovating, and our security engineers need to ensure we provide the right tools and processes to help them move at high velocity.
We are a builder function: we build tools and processes that bring the bank's security standards and policies to life. We use security metrics to make continuous improvements to security controls and culture. We strive for automation and love Jira tickets. What is not measured cannot be improved.
Get to know the Role:
- We are seeking security engineers who are excited about shaping the future of information security by building security tools to identify and eradicate vulnerabilities across all stages of the software development lifecycle.
- Our team covers line one control ownership of multiple domains, including cloud, DevSecOps, privileged access management, runtime, containers, Kubernetes, cryptography, SaaS security and automated response.
- You will work on a public cloud security program with an aim of real-time vulnerability identification and automatic remediation.
- You will work with public cloud, Terraform, commercial cloud security posture management tools and open-source Kubernetes admission controllers (Kyverno), and build tools that automate our security posture.
The day-to-day activities:
- Design and implement cutting-edge preventative and detective controls
- Shift security left in the engineering life-cycle by implementing commercial security tools and scanners.
- Collaborate with experienced security engineers and engineering squad leads to research and build solutions geared towards identifying security issues at scale
- Evaluate/extend/contribute to existing open-source security tools and integrate them into pipelines.
- Constantly evaluate our progress and work on solutions to raise our security bar at scale. You understand that security is a continuous, ever-evolving process.
- Design and implement cutting-edge security tools and scanners, including static application security testing (SAST) and dynamic application security testing (DAST).
- Design and implement an automated security scanning solution for cloud infrastructure as code; experience using Sentinel policies for Terraform is preferred.
The must-haves:
- An understanding of public cloud security and cloud native security services is a plus
- An understanding of common global and industry standard control frameworks (CIS, NIST 800-53, PCI-DSS)
- 1 to 4 years of relevant experience
- Experience with scripting/programming for security automation (Go, Python, etc.). While you do not need to be a full-time programmer, we do strive for automation and are required to glue a lot of our processes together.
- Experience with container platforms and frameworks is preferred (AWS EKS, Docker, Kubernetes, Admission Controllers, Kyverno).