Lead, Devsecops

Job Summary

A security developer to build and operationalize security controls for SCB around Cloud and Containers services with focus on DevSecOps, Infrastructure as Code and Security Automation. Work closely with Internal security team understand their tools and APIs for automation.

To find and resolve security weaknesses, include security examinations, protections, and countermeasures at each place of the product advancement lifecycle to create solid and trustworthy programming.

Security programmers know about dialects like Python, Java, and C++ since they have programming and coding information.

Key Responsibilities

• Partner with stakeholders to learn and understand a wide variety of threat model subjects

• Responsible for building cyber threat models following the defined standards

• Responsible for writing and maintaining the documentation relating threat models and technical architecture of analyzed systems

• Responsible to execute cyber-attack simulations applying the defined methodologies and practices

• Advise and enable informed decisions using clear language, purpose, and fact

• Deliver learning opportunities relevant to stakeholders

• Define the scope of depth of analysis for threat modelling

• Gain a visual understanding of what you are threat modelling

• Creating a component diagram with a control flow graph (which shows all possible execution paths in a program)

• Model the attack possibilities

• Identifying assets, security controls, trust zones, and threat agents

• Identify threats and create a traceability matrix of missing or weak security controls

Key stakeholders

• SCB Cloud Security, Cloud Engineering, Cloud Operations Teams and VX Engineering team

• Cloud Security Management Team

• Technology Services Portfolio Manager

• Managers in key support functions (e.g. CIOs)

• Support function departments needed to execute projects

Skills and Experience

• Python, Java, Go Development

• API layer

• Web Technologies (DHTML, AJAX, etc.)

Qualifications

• Experience with scripting and orchestration including Terraform

• Experience with Python, Go, Java, or Ruby

• Experience working with DevOps tools, for ex. Bitbucket, Jenkins and Artifactory

• Experience in DevSecOps pipeline security tools, for ex. OPA, Sentinel

• Experience with Public Cloud platforms, for ex. AWS, Azure or GCP

• Experience in API layer like security, custom analytics, throttling, caching, logging, monetization, request and response modifications etc.

• Experience with Container platforms, for ex. Kubernetes, OpenShift, EKS, AKS or GKE

• Experience in Security automation using Cloud services, like AWS Lambda or Step Function

• Experience creating Splunk use cases (SIEM) and Splunk query language

• Cloud or Container Certifications like CKA, AWS SA, AZ-500, TF Associate

• Cyber Security Certification like CISSP, CCSP, CCSK

• Critical thinking and problem-solving skills

• Communication skills and Decision-making

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do

• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well

• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.

• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.

• Flexible working options based around home and office locations, with flexible working patterns.

• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits

• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.

• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.