Lead, Security Engineering - Singapore - Standard Chartered

Standard Chartered

Verified Company

Singapore

1 week ago

Posted by:

Wei Jie

beBee Recruiter

Description

Job:
Technology

Primary Location:
Asia-Singapore-Singapore

Schedule:
Full-time

Employee Status:
Permanent

Posting Date: 03/Jul/2023, 2:42:33 AM

Unposting Date: 17/Jul/2023, 5:59:00 PM

Role Responsibilities
We are seeking a highly motivated and experienced Cloud Security Hands-On Engineer to join SCB. The Cloud Security Hands-on Engineer will be responsible for designing, developing, implementing, and maintaining information systems.

This will include developing a deep understanding of our cloud architecture, identifying and mitigating potential security threats and vulnerabilities, and collaborating with other teams to ensure our security measures are effective.

Strategy

Responsibilities that are related to the development and implementation of a strategy, for example, Awareness and understanding of the Group's business strategy and model appropriate to the role.

Business

Responsibilities related to the delivery of business and/or financial objectives, for example, Awareness and understanding of the wider business, economic and market environment in which the Group operates

Processes

Reference the processes for which the Role Holder is responsible, as per the Operational Risk Framework definition of first / second line, for example, Responsible for executing and supervising the Budget process

People & Talent
Reference all responsibilities related to people and talent matters, for example:

Lead through example and build the appropriate culture and values. Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.
Ensure the provision of ongoing training and development of people and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.
Employ, engage and retain high quality people, with succession planning for critical roles.
Responsibility to review team structure/capacity plans.
Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives.

Risk Management

Responsibilities relating to identifying, assessing, monitoring, controlling and mitigating risks to the Group, as well as an awareness and understanding of the main risks facing the Group and the role the individual plays in managing them. For example
The ability to interpret the Group's financial information, identify key issues based on this information and put in place appropriate controls and measures

Governance

Responsibilities relating to the direction, planning, structure, frameworks (e.g. processes and policies) and oversight. For example, Responsible for assessing the effectiveness of the Group's arrangements to deliver effective governance, oversight and controls in the business and, if necessary, oversee changes in these areas; Awareness and understanding of the regulatory framework, in which the Group operates, and the regulatory requirements and expectations relevant to the role

Key stakeholders

Application Development Community, DevOps Engineering, Security Architecture, Security Engineering, Control Owners.
8+ years of Information Security or engineering experience.
2+ years of direct experience in at least one Public Cloud (AWS or Azure).
Hands-On Proficiency in scripting and coding using Bash, Python, IaC (Terraform, Cloud formation, Azure ARM).
Experienced in the SDLC, including requirements analysis, design, development, testing, deployment, and maintenance. (Tools like Junit, Postman, Burp, Terratest, Sentinel, Misconfig test, OPA,etc.,)
Experience with Azure technologies in general, such as Service Fabric, Application Service Environment, Azure Kubernetes Service, Azure DevOps, Azure Monitor, Azure Sentinel, Azure Defender Suite, Azure SQL, Cosmos, Azure APIM, Azure AD, Azure OMS/Application Insights, Global Traffic Manager, etc.
Experience with AWS technologies, such as CodePipeline, CodeBuild, CodeDeploy, CodeStar, Guardrails, Amazon ECS, AWS Lambda, etc.
Extensive knowledge in analyzing the contents and the build process of a container image in order to detect security issues, vulnerabilities or potential risks. Opensource tools such as Dagda, Clair, Trivy, Anchore, etc., can be leveraged for container image analysis.
Work closely with Product Security, Engineering, Operations, and Corporate Security to define security strategy and execute on it. Implementing automation to enable developers to easily consume security services.
Enforce standard methodologies, processes and tools and ensure compliance to enterprise architecture, global information security policies and engineering strategy.
Validate adherence to AWS and Azure governance standards for policy definitions, rolebased access controls, ARM Templates, resource