The Container Security Technical SME will be a key part of the Secure Development team, reporting to the Global Head of Cloud and Container Security. They will, closely collaborate with peers across Cybersecurity and the business development teams to enable the rapid build of secure technology products and services.
responsibilities :
Understand container related threats and risks to the Bank and communicate to different stakeholders.
Manage container scanning tool and ensure service is performing within defined KCI metrics.
Run security scans and help development teams understand vulnerabilities and remediation to these vulnerabilities.
Defining and maintaining scanning tool configuration, ruleset and policy and revising as required to minimise false positive ratio.
Leading and executing the creation, review and maintenance of security scanning quality assurance approach and related documentation.
Monitoring new product and technology trends, risk and threat intelligence feeds to advance security capabilities while balancing an excellent user experience.
Data analysis to identify patterns and trends in security related findings.
Partnering with key stakeholders including engineering application teams, SDLC Federated Control Owners, Operational &
Resilience Risk, CCO Technology, Cybersecurity Risk & Control Strategy and Cybersecurity Business Engagement.
requirements-expected :
To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:
Experience in working in cloud environments. Ideally AWS or GCP.
Experience in Cloud and/or Container Security review and Vulnerability assessment.
Experience in deploying containers and setting up Kubernetes clusters.
Experience in cybersecurity principles, assessment and triage for security flaws and common vulnerabilities for containerised applications.
Ability to understand and assess both threats and vulnerabilities, articulating these to both technical and business stakeholders.
Some experience in development work utilising a programming language, preferably Python
Professional IT Security qualifications and/or certification.
An inquisitive approach, always asking how to achieve goals in a smarter and more effective way.
An ability and interest to learn and experiment with new approaches to vulnerability management, in different contexts
Experience of working in international and diverse environments.
Experience in engaging with business, technology, regional and regulator stakeholders.
Experience/ understanding of threat modelling and third party security assessments would be beneficial.
Good spoken and written communication and ability to adapt style based on audience (Fluent in spoken / written English).
