We are the bank's security engineering team - our mission is simple - we make sure that we build and leverage secure systems and operate them at production scale in a secure way. Our engineering teams move fast and are constantly innovating, and our security engineers need to ensure we provide the right tools and processes to help them move at high velocity.
We are a builder function, we build tools and processes that bring to life the banks security standards and policies. We use security metrics to make continuous improvements to security controls and culture. We strive for automation and love Jira tickets. What is not measured, can not be improved.
We are seeking a lead security engineer who can drive security strategy and initiatives from 0 to 1. This could be across a wide range of domains covering identity, application security, cloud, DevSecOps, or detection engineering. We are open to security engineers with deep skills in one or more of these domains.
You will have excellent stakeholder management skills, and are able to operate and influence across the business.
You should be excited about shaping the future of information security by building security tools to identify and eradicate vulnerabilities across all stages of the software development lifecycle.
You will work with public cloud, terraform, commercial cloud posture security management tools, open-source and build tools that automate our security posture.
The day-to-day activities
Work with the wider security engineering team to take security requirements and build scalable applications and solutions that automate security and reduce the risk of the bank.
Own the strategy for assigned security domains, consisting of tactical initiatives and strategic multi-year decisions.
Partner with teams across the bank including SRE, Data Engineering, GenAI and Product to identify areas of security posture improvement, create the plan and execute.
Maintain standards and procedures inline with regulatory and internal policy requirements.
Lead engagements with internal and external audits that are applicable to first line technology.
Mentor junior engineers to uplift their ability across security domains, increasing the teams knowledge and standard operating procedures.
Should have relevant experience of 8+ years within information security
Experience with scripting/programming security automation.
Knowledge of cloud platforms (AWS, Serverless, managed services, containers, etc)
Excellent soft skills - able to handle pressure in a fast-paced environment. Open-minded, creative and innovative.
Relevant certifications such as CISSP, CISM, CEH, or equivalent.
In-depth knowledge of security frameworks, standards, and best practices.
Proficiency in security technologies (e.g., SIEM, IDS/IPS, firewalls, endpoint protection).
Strong understanding of network protocols, operating systems, and application security.
Excellent problem-solving, analytical, and decision-making skills.
Strong leadership, communication, and collaboration abilities.
Ability to manage multiple projects and priorities in a fast-paced environment.