Title:  Devsecops Engineer

14313

Bangalore, IN

Solutions Architect
Regular Employee
Office - Full Time
21 Nov 2024

Job Summary

We are seeking a highly motivated and experienced Cloud Security Hands-On Engineer to join SCB. The Cloud Security Hands-on Engineer will be responsible for designing, implementing, and maintaining our cloud-based security infrastructure. This will include developing a deep understanding of our cloud architecture, identifying and mitigating potential security threats and vulnerabilities, and collaborating with other teams to ensure our security measures are effective.

At least six years’ experience with:

  • 5+ years of Information Security or engineering experience.
  • 2+ years of direct experience in at least one Public Cloud (AWS or Azure).
  • Work closely with Product Security, Engineering, Operations, and Corporate Security to define security strategy and execute on it. Implementing automation to enable developers to easily consume security services.
  • Improve the accessibility of security through automation, continuous integration pipelines, and other means. Designing a secure application-release automation process to make security an integral part of the CI/CD pipelines.
  • Enforce standard methodologies, processes and tools and ensure compliance to enterprise architecture, global information security policies and engineering strategy.
  • Validate adherence to AWS and Azure governance standards for policy definitions, role-based access controls, ARM Templates, resource groups and Azure Blueprints.
  • Identify security tools and lead operationalization of solutions from POC to Production, e.g. API Threat Protection, Container Security, etc. Streamline POC processes.
  • Work with SRE and Engineering to implement a chaos-testing methodology and toolkit. Integrating security tools issue tracking with Jira.
  • Implement automation of investigation and response workflows for Automated Incident Response.
  • Interview, hire, and create on-boarding plans for new or transferred employees.
  • Encourage others to seek opportunities for different and innovative approaches to addressing problems; facilitate the implementation and acceptance of change.
  • Produce and streamline audit evidence.

Key Responsibilities

Strategy
Towards delivering and living out our TTO Strategy 25 by:
•    Establish Strong Digital Foundations
•    Accelerate Transformation
•    Drive Process Excellence


Business
•    Contribute to the strategic goals of the organisation through the application of technology. 
•    Solve problems through the application of technical knowledge and skill, determining when and how technology can solve business problems. 
•    Scope and create technical solutions that contribute to the business’s strategic goals

Processes
•    Identify new areas of focus and activity for both internal and external technology communities 
•    Develop and roll out best practice in Technology domain of expertise or their specialism. 
•    Rescue, remediate or provide expertise on initiatives with significant technology challenge

People & Talent
•    Be a role model and build the appropriate culture and values. 
•    Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.  
•    Ensure the provision of ongoing training and development of people and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks. 
•    Employ, engage and retain high quality people. 
•    Work with internal business teams, cross-functional engineering teams, and external vendors.
•    Be an effective conflict resolver with strong leadership skills to deliver on commitments, knowing when to say No to stakeholders.


Risk Management
•    Make recommendations (and/or implement) to relevant stakeholders on possible risk management responses to identified risks and/or findings of concerns from investigations. 
•    Manage escalations on PEP / Sensitive issues requiring additional assessment and/or controls

 

Governance
•    Take personal responsibility for understanding the risk and compliance requirements of the role. 
•    Understand and comply with, in letter and spirit, all applicable laws, and regulations, including those governing anti-money laundering, terrorist financing, and sanctions; the Group’s policies and procedures; and the Group Code of Conduct. 
•    Effectively and collaboratively identify, escalate, mitigate and resolve risk and compliance matters. 
•    Embed the Group’s values and code of conduct to ensure that adherence to the highest standards of ethics, and compliance with relevant policies, processes, and regulations among employees, forms part of the culture.

Regulatory & Business Conduct

•    Display exemplary conduct and live by the Group’s Values and Code of Conduct. 
•    Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
•    Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
•    Lead the team to achieve the outcomes set out in the Bank’s Conduct Principles: [Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.] 


Key stakeholders

  • All responsibilities associated with the management of stakeholders, e.g. Application Development Community, DevOps Engineering, Security Architecture, Security Engineering, Control Owners….


Other Responsibilities

  • Embed "Here for good" and the Group’s brand and values in the team. Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures; Multiple functions (double hats).

Skills and Experience

  • Python, Golang, Java / .NET
  • DevSecOps Capabilities (SAST, DAST, SCA, CodeSign)
  • Azure / AWS Public Cloud
  • Infrastructure as Code
  • PowerShell, Azure CLI
     

Qualification

Certifications

  • Certified Professional Python / Java Application Programmer / Developer

Languages

  • React or Angular, and back-end frameworks, such as Node.js, Express.js and Django
  • MySQL, MongoDB, or PostgreSQL
  • Hands-on proficiency in scripting and coding using Bash, Python, IaC (Terraform, CloudFormation, Azure ARM)

Qualifications

Education

  • Bachelor's degree in Computer Science, Software Engineering, or a related field
  • Overall 5+ years of experience in information technology, of which 2+ years of experience in DevOps and cloud technologies

Training

  •  Stay current on threats, vulnerabilities, and controls.
  • Familiarity with SecOps processes i.e., detection, monitoring, alerting and threat intelligence

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
  • Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
  • Flexible working options based around home and office locations, with flexible working patterns.
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.