Job Summary

About TrustBank:

Trust is backed by a unique partnership between Standard Chartered, one of the world's most trusted banks with more than 160 years of experience in Singapore, and FairPrice Group, the nation’s leading grocery retailer for almost 50 years.

We were born in the cloud and use the best and latest technology to deliver a world-class customer experience and cutting-edge security.

Key Responsibilities

• Own the deployment, clustering, high availability, and rolling-upgrade posture of Keycloak running on Kubernetes.
• Design and operate the configuration-as-code pipeline that promotes realm and client definitions through environments.
• Own the relational database backing the identity platform: sizing, replication, backup/restore, capacity planning, and upgrade paths.
• Own secrets and key management for realm secrets, client credentials, and signing keys, including the integration path for hardware-backed key management.
• Build and run the observability stack around the platform — metrics, distributed tracing, structured logs, SLOs, and paging.
• Author and maintain operational runbooks: incident response, DR drills, certificate rotation, JWKS rollover.
• Partner with API-gateway and service-mesh teams on ingress hardening, mTLS posture, and production cutover topology.
• Ensure authentication and transaction-signing latency targets are met under peak load.
• Carry on-call responsibility for the platform post-cutover.

Must-have skills

•  **Cloud-native architecture** — immutable infrastructure, declarative configuration, horizontal scale-out, and failure-as-design-input.
•  **AWS in production** — managed Kubernetes (EKS), certificate management (ACM), secrets management, and key management (KMS).
• **Kubernetes at production scale** — stateful workloads, rolling upgrades without dropping session state, pod-disruption semantics, topology-aware scheduling.
• **Kubernetes Operator / CRD pattern** — deploying and debugging non-trivial Operators for stateful workloads.
• **Microservices architecture** — understanding of how an IdP behaves as a synchronous dependency for a large service estate, and the coordination required for issuer / JWKS changes.
• **JVM platform operations** — runtime tuning (GC, heap, native memory) and distributed caching / clustering at the JVM layer.
• **Relational database operations** — sizing, replication, point-in-time recovery, upgrade paths.
• Secrets management and rotation patterns.
• **Observability** — metrics, distributed tracing, structured logs, SLOs.
• **OAuth2 / OIDC / JWT fundamentals** — enough to reason about token flows, JWKS rotation, and session behaviour in an operational context.
• Direct Keycloak operations experience — session replication, realm import/export, in-place upgrade, clustered cache behaviour.
• Hardened enterprise Kubernetes distributions.
• Hardware-backed key management / HSM exposure.
• Service-mesh operations.
• GitOps delivery with declarative configuration promoted via pull-request-driven workflows.
• Prior operations exposure to a mature commercial or open-source IdP.
• Event-streaming platform operations.
• Blue-green or dual-issuer cutover patterns.

Behavioural requirements

• **Ownership.** You take end-to-end responsibility for the platform in production, not just until handover.
• **Pragmatism over novelty.** You prefer boring, reliable patterns to clever ones, and can justify the choice.
• **Written thinking.** You document trade-offs, not just decisions, and leave a paper trail others can follow.
• **Constructive disagreement.** You push back on architectural direction where you see issues, and bring alternatives rather than objections.
• **Operational temperament.** You are calm in incidents, methodical under pressure, and rigorous about root-cause analysis.
• **Security mindset.** You think about blast radius, least privilege, and audit trail as defaults, not afterthoughts.
• **Regulated-environment awareness.** You understand that change control, auditability, and data protection are non-negotiable, and you treat them as design inputs rather than obstacles.

Experience bar

• Senior level. Minimum 8 years engineering experience, including at least 3 years running a stateful, security-critical platform in production at meaningful scale. Candidates with demo-grade or lab-only experience will not be a fit.

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Qualification

• Bachelor's degree
• Languanges: English

Skills and Experience

• AWS technologies
• Keycloak
• CI/CD

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.