Security Engr - Chennai, India - Standard Chartered

Standard Chartered
Standard Chartered
Verified Company
Chennai, India

1 month ago

Deepika Kaur

Posted by:

Deepika Kaur

beBee Recuiter
Description

Job:
Technology


Primary Location:
Asia-India-Chennai


Schedule:
Full-time


Employee Status:
Permanent


Posting Date: 16/Jul/2023, 10:19:05 PM


Unposting Date:
Ongoing


The Role Responsibilities

Job Role
We are seeking a highly motivated and experienced Cloud Security hands-on Engineer to join SCB. The Cloud Security hands-on Engineer will be responsible for designing, implementing, and maintaining our cloud-based security infrastructure.


This will include developing a deep understanding of our cloud architecture, identifying and mitigating potential security threats and vulnerabilities, and collaborating with other teams to ensure our security measures are effective.

Atleast 6 years of experience with

  • 4 years of Information Security or engineering experience.
  • 2 years of direct experience in at least one Public Cloud (AWS or Azure).
  • Work closely with Product Security, Engineering, Operations, and Corporate Security to define security strategy and execute on it. Implementing automation to enable developers to easily consume security services.
  • Enforce standard methodologies, processes and tools and ensure compliance to enterprise architecture, global information security policies and engineering strategy.
  • Validate adherence to AWS and Azure governance standards for policy definitions, rolebased access controls, ARM Templates, resource groups and Azure Blueprints.
  • Identify security tools and lead operationalization of solutions from POC to Production, e.g. API Threat Protection, Container Security, etc Streamline POC processes.
  • Work with SRE and Engineering to implement a chaostesting methodology and toolkit. Integrating security tools issue tracking with Jira.
  • Implement automation to investigation and response workflows for Automated Incident Response.
  • Interview, hire, and create onboarding plans for new or transferred employees.
  • Encourage others to seek opportunities for different and innovative approaches to addressing problems; facilitate the implementation and acceptance of change.
  • Stay current on threats, vulnerabilities, and controls.
  • Familiarity with SecOps processes i.e. detection, monitoring, alerting and threat intelligence.
  • Hands-On Proficiency in scripting and coding using Bash, Python, IaC (Terraform, Cloud formation, Azure ARM).
  • Participate in the entire lifecycle of software development, including requirements analysis, design, development, testing, deployment, and maintenance. (Tools like Junit, Postman, Burp, Terratest, Sentinel, Misconfig test, OPA, etc).
  • Extensive knowledge in analyzing the contents and the build process of a container image in order to detect security issues, vulnerabilities or potential risks. Opensource tools such as Dagda, Clair, Trivy, Anchore, etc. can be leveraged for container image analysis.
  • Familiar with Opensource tools such as Jenkins, etc can be leveraged to build the CI / CD pipelines, and DefectDojo and OWASP Glue can help in tying the checks together and visualizing the check results in a single dashboard.
  • Handson experience in Opensource tools such as truffleHog, gitsecrets, GitGuardian and similar can be utilized to detect such vulnerable management of secrets.
  • Expert knowledge with integrating crucial security tasks into CI / CD pipelines.
  • Strong knowledge of software development methodologies and the software development lifecycle.
  • Strong knowledge of container security and secrets management.
  • Experience with Azure technologies in general, such as Service Fabric, Application Service Environment, Azure Kubernetes Service, Azure DevOps, Azure Monitor, Azure Sentinel, Azure Defender Suite, Azure SQL, Cosmos, Azure APIM, Azure AD, Azure OMS / Application Insights, Global Traffic Manager, etc.
  • Experience with AWS technologies, such as CodePipeline, CodeBuild, CodeDeploy, CodeStar, Guardrails, Amazon ECS, AWS Lambda, etc.
  • Working experience with configuration management.
  • Produce and streamline audit evidence.

Strategy


Responsibilities that are related to the development and implementation of a strategy, for example, Awareness and understanding of the Group's business strategy and model appropriate to the role.


Business


Responsibilities related to the delivery of business and / or financial objectives, for example, Awareness and understanding of the wider business, economic and market environment in which the Group operates.


Processes


Reference the processes for which the role holder is responsible, as per the Operational Risk Framework definition of first / second line, for example, Responsible for executing and supervising the Budget process.


People and Talent

  • Lead through example and build the appropriate culture and values.
  • Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.
  • Ensure the provision of ongoing training and development of people and ensure that holders of all
More jobs from Standard Chartered
See all jobs of Standard Chartered