CSS- Solution Architect- VM Job Details

Requisition Number: 48162

Job Location: Bangalore, IND

Work Type: Office Working

Employment Type: Permanent

Posting Start Date: 31/01/2026

Posting End Date: 28/02/2026

Job Description:

Job Summary

• The Senior Solution Architect – Vulnerability Management is responsible for defining, designing, and governing the enterprise vulnerability management architecture across infrastructure, applications, cloud, container, and emerging technology landscapes.

• This role bridges security strategy, engineering execution, and business risk, ensuring vulnerabilities are continuously identified, prioritized, remediated, and reported in alignment with regulatory, risk, and resilience objectives.

• The role partners closely with Cyber Defense, Application Security, Cloud Security, IT Infrastructure, DevSecOps, and Risk teams to embed vulnerability management as a core security capability, not just a scanning function.

Strategy & Architecture

• Define the enterprise vulnerability management reference architecture covering:

• Infrastructure (on-prem, cloud, hybrid)

• Applications (SAST, DAST, SCA)

• Containers, Kubernetes, serverless

• Network, endpoint, databases, and middleware

• Establish capability roadmaps aligned with Zero Trust, Secure SDLC, and Continuous Controls Monitoring.

• Ensure alignment with enterprise security architecture, threat models, and risk frameworks.

Solution Design & Engineering Leadership

• Design scalable solutions for:

• Vulnerability discovery, validation, and de-duplication

• Risk-based prioritization (CVSS + threat intelligence + asset criticality)

• Remediation orchestration and automation

• Drive tool integrations with:

• CMDB / asset inventory

• CI/CD pipelines

• Ticketing and workflow systems

• Cloud-native services and APIs

• Define secure-by-design patterns for development and infrastructure teams.

DevSecOps & Automation

• Embed vulnerability scanning into CI/CD pipelines with shift-left and shift-right controls.

• Enable policy-as-code and automated guardrails.

• Reduce false positives and noise through contextual analysis and tuning.

• Promote remediation automation using SOAR, scripts, and infrastructure-as-code.

Governance, Risk & Compliance

• Define vulnerability management standards, policies, and architectural guardrails.

• Map vulnerability management controls to regulatory and audit requirements.

• Support risk acceptance, exception handling, and executive reporting.

• Partner with Risk and Audit teams to demonstrate control effectiveness.

Stakeholder Engagement & Advisory

• Act as a trusted security advisor to engineering, platform, and business teams.

• Translate technical vulnerabilities into business risk language for leadership.

• Influence architecture decisions without direct authority.

• Mentor security engineers and architects.

Key stakeholders

• Strong written and verbal communication skills.

• Ability to engage senior stakeholders and engineering teams.

• Experience influencing without authority in matrixed organizations.

• Comfortable presenting architecture and risk posture to leadership forums.

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group’s Values and Code of Conduct.

• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

Skills and Experience

• Technical Expertise

• 10+ years in Cyber Security / Security Architecture, with deep focus on Vulnerability Management.

• Strong hands-on knowledge of:

• Infrastructure and application vulnerability scanning

• Secure SDLC and DevSecOps practices

• Cloud security (IaaS, PaaS, containers, Kubernetes)

• CVE, CVSS, CWE, OWASP Top 10

• Experience integrating vulnerability tools with:

• CI/CD pipelines

• CMDB, ticketing, and workflow platforms

• Cloud-native security services

Architectural & Design Skills

• Proven experience creating enterprise-scale security architectures.

• Ability to balance risk reduction, usability, scalability, and cost.

• Strong understanding of threat modelling and attack paths.

• Experience designing risk-based prioritization frameworks.

• SBOM

• AWS/Azure

• Graph Databases

• ADO

• OWASP Top 10

• CVE, CVSS, CWE

• Stakeholder Management

Qualifications

• Degree in computer science

• CISSP, CISM, CCSP

• Cloud security certifications

• TAGAF or equivalent architecture frameworks

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
Flexible working options based around home and office locations, with flexible working patterns.
Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Provider	Description	Enabled
LinkedIn	LinkedIn is an employment-oriented social networking service. We use the Apply with LinkedIn feature to allow you to apply for jobs using your LinkedIn profile. Opting out of LinkedIn cookies will disable your ability to use Apply with LinkedIn. Cookie Policy Cookie Table Privacy Policy Terms and Conditions
Google Analytics	Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Cookie Information Privacy Policy Terms and Conditions
Google Tag Manager	Google Tag Manager is a tag management system for conversion tracking, site analytics, remarketing and more. Privacy Policy Terms and Conditions