The Role Responsibilities
Work with Security Automation and tools around it, including but not limited to AWS Lambda, RunDeck, Jenkins, Terraform, Ansible, etc
Manage security program development, security architecture, security tools and technology
Well versed in OWASP API Top 10 Security Threats and API security best practices
In depth knowledge and technical expertise on REST API and SOAP Security
Familiar with the use of API security tools not limited to (Postman, Swagger and JMeter)
Steer the shaping and delivering of cutting-edge service offerings using industry-leading tools
Lead hands-on implementation processes across multiple leading-edge technologies
Perform security design reviews with development and product teams
Create and foster a security culture in cloud operations and development
Test and evaluate 3rd party security technologies and tools
Define and implement security monitoring and response procedures
Produce and present security reports and roadmaps for management
Regularly assist team members with maintenance, tuning, and implementation of Web Application Firewall, Content Delivery Network & other application layer security configurations as needed.
Understand project approach to technical deployments for critical cyber security services including Infra DDoS Protection, Application Layer Security, TLS / SSL Certificates, Web Resilience & DNS Protection.
To work effectively under pressure to prioritize project and BAU tasks per need / criticality.
Participate in the Security Audits and Assessments.
To quickly grasp the network design, application / infrastructure security concepts, techniques, technologies, and tools
Should be able to adjust and work with diverse skilled team members.
Provide contributions as assigned to any / all departmental projects, as assigned by management.
Creation and regular maintenance of client impacting security issues & administrative / maintenance tasks.
Participate in planning and coordinating installations, upgrade, migration and configuration.
To contribute developing and maintaining optimal network performance, enforcing security measures and establishing good working relationship with the senior management and clients in order to facilitate a long-term technological direction and vision.
Take part in red-team and offensive security exercises where applicable
Support and deliver upon assigned security projects
Architect, deploy and maintain proactive security tools including, but not limited to : Web Application Firewalls, DDoS Protection, Bot Mitigation (web applications), API Protection and custom tools
Participate in Security Incident On-call rotation
Responsible to deliver the Banks Secure Web Defence Service
Regulatory & Business Conduct
Display exemplary conduct and live by the Group’s Values and Code of Conduct.
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank.
This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
Technology Services End User Services; Core Infra Services Networks; Second Line and Third Line of Defence
Documents solution requirements given business and technical objectives
Defines, creates, and maintains WAF, CDN and DDoS Configurations.
Understands various proxy authentication methods with relation to a domain environment
Serves as a primary responder as part of Major Incident Management taking ownership on resuming services.
Perform root cause analysis and troubleshooting effort for production deployment
Functions as a liaison between the Bank and Vendor Technical Support teams as part of Incident and Problem Management
Competent in reporting issues, anomalies and problems through proper channels (i.e., Incident, Problem Management from technical support)
Able to analyse Packet capture (Wireshark, tcp dump) to identify the Network level issues
Performs other duties relevant to deployment and security operations as assigned
Our Ideal Candidate
Bachelor’s Degree in Computer Science, IT / Information Systems.
Overall 4 years of combined IT and Info Security work experience with a broad range of exposure to Information Security Systems
3+ Years' experience in Network Security related technologies (Web Application Firewalls, Bot Protection, API Protection, DNS Security, DDoS Protection, etc)
1+ Years' experience in log correlation SIEM solutions like Splunk
Experience with Security Automation and tools around it
Visit our careers website