About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It%26#39;s about showing how you embody our valued behaviours – do the right thing, better together and never settle – as well as our brand promise, Here for good.
We%26#39;re committed to promoting equality in the workplace and creating an inclusive and flexible culture – one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
PURPOSE:
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It%26#39;s about showing how you embody our valued behaviours – do the right thing, better together and never settle – as well as our brand promise, Here for good.
We%26#39;re committed to promoting equality in the workplace and creating an inclusive and flexible culture – one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
PURPOSE:
- Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of %26ldquo;Enterprise Technology%26rdquo;.
- The STS team is made up of cyber security thought leaders, whom are accountable for the provision global cyber security services and products which allow the bank%26rsquo;s Cyber Security posture to be maintained and continuously improved to keep pace with an ever evolving cyber threat landscape.
- The STS Perimeter and Network Security function protects the Bank from cyber security threats at a network level through the selection, delivery and continued operation of effective security technology controls to ensure, and support the continuity and growth of the Bank%26rsquo;s business operations, whilst meeting internal and external stakeholders%26rsquo; expectations across a technology footprint which comprises the 70+ countries and territories in which SCB operates.
- As a function of this role we are looking to acquire the skills of a specialist Cloud Network Security Engineer who will drive the implementation of Cloud based Network Security solutions and capabilities consistent with industry best practices and the banks Information Cyber Security policies and standards.
- The establishment of effective network security controls consistent with Standard Chartered Bank%26rsquo;s growing expansion into the cloud shall ensure that the Bank%26rsquo;s security posture continues to be maintained, whilst ensuring Cyber Resilience and protection from a multitude of advanced and emerging cyber threats.
- The ideal candidate will have a Dev Ops / SRE mindset, a grounding in Cyber Security concepts as a primary foundational skill with a good understanding of threats as they present themselves in a Public Multi-Cloud context; an appreciation of Cloud DevOps/DevSecOps methodologies, in particular the use of Infrastructure-as-Code tooling and a practical exposure to Security tools, technologies and methodologies as they apply to multi-region, multi-provider cloud architectures (i.e. AWS, Azure, GCP, OCI). The candidate will have an up-to-date knowledge on industry technology trends and emerging capabilities applicable to Cloud Network Security, be a driven self learner, be highly collaborative and an excellent communicator with strong problem solving capabilities and an ability to convert abstract concepts into resilient and effective solutions.
RESPONSIBILITIES:
- Work alongside other specialists both within and outside of the Perimeter Security technology domain as a Cloud Network Security Specialist to replicate key security controls to secure the Public Cloud IaaS perimeter, to include: Network and Workload Segmentation/Micro-Segmentation, Cloud Access Security Broker (CASB), Web Application Firewall (WAF) and DDoS Protection, Outbound Web Filtering and Data Loss Prevention, Secure Access Service Edge (SASE), API Security, Cloud-to-Cloud,
- Have a detailed appreciation of common cloud services in IaaS, PaaS and SaaS contexts and cloud native security controls, understanding how they differ/compare across different Cloud Providers offerings. Understand and be familiar with multiple security vendor overlay technologies (pro%26rsquo;s/cons) and how they fit and function within a multi-cloud context.
- Comfortable working with one or more configuration management orchestration tools (i.e. Hashicorp Terraform, CloudFormation, Ansible), understand the concept and elements of CI/CD pipelines (unit test, regression, canary) and be able to perform API level integration between dispirate systems i.e. SIEM tools
- Some knowledge of workflow automation techniques and command line scripting tools and IDE%26rsquo;s as well some Python or Golang experience would be a distinct advantage.
- Be familiar with common web security vulnerabilities and techniques i.e. OWASP top 10 and offensive security tools (i.e. Kali, Metasploit, Burpsuite) for exploiting them.
- Be able to perform threat modelling and have a familiarity with one or more Security Industry Frameworks and Methodologies and how to leverage these to the best effect to mitigate threats i.e. Cyber Kill Chain, Mitre ATT%26amp;CK Framework.
- Have an appreciation of relevant regulatory frameworks applicable to Cyber Security in highly regulated financial institutions across various jurisdictions, i.e. CBEST, HKMA iCAST, NIST CSF, MAS TRM.
- Have an appreciation and understanding of Compliance Frameworks applicable to Public Cloud
- Documentation skills and an attention to detail. The role will require the updating of process documentation, schematics, manuals and presentation materials for various internal governance forums. Ability to produce high quality meaningful, succinct and accurate documentation, often within compressed timescales to meet various dynamic demands.
- Review findings from various sources (audit, stress test, penetration testing, issue diagnostics) to identify root cause, providing pragmatic and innovative recommendations and solutions for sustainable improvement.
KEY STAKEHOLDERS:
- Head, STS Perimeter Security
- Services Domain Heads within Security Technology Services
- Portfolio Lead for agile teams (Tribes)
- Project Management Office (Project and Programme Managers)
- Other relevant functions within Enterprise Technology (Infrastructure, Cloud, Cyber Defence, Networks etc.)
- Line of Business Stakeholders (as appropriate)
COMPETENCIES (KNOWLEDGE %26amp; SKILLS):
- A Bachelor%26#39;s degree in Engineering or related fields
- 8 %26ndash; 10 years of progressive Network Security experience comprising firewalls, intrusion detection, web application firewall, web proxy, DDoS Protection and Remote Access (IPSec, SSL/TLS) with at least 3 years in delivering enterprise grade solutions
- Minimum of 2 %26ndash; 3 years of practical experience with public cloud technologies (AWS/Azure/GCP/OCI), inclusive of cloud native security capabilities from one or more cloud service provider is a must
- Intermediate network routing and switching knowledge and experience inclusive of multi-region multi-cloud access (Transit Gateway, VPC Peering, Direct Connect, NLB/ALB, NAT)
- Full and comprehensive understanding of Identity and Access Management within atleast one Public Cloud Provider as well as strong conceptual understanding of Symmetric and Asymmetric key based cryptogrphy.
- Knowledge of Cyber Security Frameworks i.e. Cyber Kill Chain, Mitre ATT%26amp;CK, NIST CSF as well as Financial Industry Regulatory Frameworks and Regulations specific to Public Cloud
- Skillsets in the following would be an advanatage
- Scripting experience in Python and/or Golang
- Working knowledge of Containers (i.e. Docker) and container orchestration platforms (Kubernetes, OpenShift)
- Understanding of CI/CD pipeline tools and methodologies, Infrastructure-as-Code (Terraform, CloudFormation, Ansible)
- Experience working in geographically dispersed virtual teams, preferably in the Financial Services industry.
- Experience with enterprise applications (architecture, development, support, and troubleshooting).
- Experience and exposure to threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
- Strong interpersonal and communication skills; ability to work in a team environment
- Ability to work independently with minimal direction; self-starter/self-motivated
- Industry security certifications, i.e. ISC2, SANS and cloud security certifications i.e. CCSP, CCSK
- Cloud certifications related to AWS, Azure, GCP or OCI would be beneficial
- Technical writing and high quality documentation skills with attendion to detail
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.
Source link
