CSAT (Cyber Security Assurance and Testing) is a department within Cyber Security at HSBC. It owns the controls and services that provide pre-production and production application and infrastructure security scanning, remediation management and reporting.
The ideal candidate will be able to both, technically lead from the front, and possess the ability to lead, inspire and motivate the team. A mix of technical skills, attention to detail and leadership is required. The successful candidate will also be required to build relationships with the broader Cyber and Enterprise architecture community and actively contribute at local Design Authority.
The role will report to the Global Head of CSAT Engineering and will be responsible for managing the architecture and solution design team within CSAT. You will be managing a team of 4-5 technical architects/designers that are responsible for designing the solutions used withing CSAT change and run programmes. This includes a significant programme of rearchitecting and migration of our core services to cloud infrastructure. In addition, the team are responsible for supporting the engineering team to deliver changes to services and ensure that the design documentation is approved at the necessary governance forums, taking on feedback and adapting the designs as appropriate.
responsibilities :
Lead the technical design of systems and services in the CSAT space
Lead the team of technical architects within CSAT Engineering and liaising with other architecture teams across HSBC
Develop and support all architectural artefacts for the projects that will implement these changes, including but not limited to: Architecture Impact Assessments; External Hosting Considerations to support Enterprise Architecture sign off to host the service in a cloud; Solution Design documents; Design authority sign off appropriate documentation; Producing artefacts in sufficient detail so that they can be consumed by the engineering delivery team.
Drive Tech/Arch requirements to meet business requirements for the technologies being deployed, which must be aligned to Sec Arch strategy.
Advise on important security-related technologies and assessing the risk associated with proposed changes.
Deliver architectural patterns and support quality assurance initiatives in the Engineering team.
Interact with and influencing senior stakeholders across departments.
Collaborate with cross-functional teams to align the security data management system with overall business objectives.
Stay abreast of emerging technologies and security trends to continually enhance the systems capabilities and apply innovative security architecture solutions to new or existing problems to able to justify and communicate design decisions.
requirements-expected :
Extensive experience in information security and/or IT risk management with a focus on security, performance, and reliability.
Strong expertise in cloud technologies and integration with on-prem data centres, particularly Kubernetes and GCP.
5+ years’ experience owning and developing application and service architectures including the processes, infrastructure layers and application layers and how to integrate through SDLC build services such as CI and CD pipelines.
Extensive experience with microservice architecture in Kubernetes
Solid understanding of security protocols, cryptography, authentication, authorisation, and security.
Good understanding of the foundation of SDLC and software delivery including DevOps and DevSecOps culture.
Knowledge of Security Scanning tools and platforms including Nessus, Nessus IQ, Checkmarx, Netsparker, Aquasec (desirable but not essential).