Specialist Security Engineer

Vacancy for a Security Engineer - Contractor requirement

Hourly rates apply

Security Engineer

Summary

Contribution to security engineering efforts within CIB to identify and track security issues in the software development lifecycle before software is release to production and defend our systems from attack. Assist product engineering teams with secure design, architecture and development through direct consultation with teams and contribution to the security knowledge base. Keep informed and involved in the security community within the bank to provide insight and context to product engineering teams.

Skill/Experience/Education

Mandatory Skills

Preferably proficient in either Java or C#

Desired Skills / Experience with:

• DevOps

• CI/CD

• Agile

• Understanding of Security platform (pref)

• Front End tools (React or Angular or JavaScript)

• Data oriented, will be dealing with reams of data

Skills

• *Demonstrable ability to find security defects in a range of client and server-side apps
• *Programming with a variety of languages including shell scripting and OO languages
• *Ability to quickly learn and implement new technologies
• *Excellent problem solving and analysis abilities
• *Understanding of security vulnerabilities, attacker exploit techniques, and remediation methods
• Good verbal and written communication
• Ability to work towards the big picture and zoom in on the specifics
• Communicating technical concepts to a non-technical audience
• Relationship building with diverse range of colleagues in various roles and levels

Knowledge & Experience

• Solid experience in information security
• Broad understanding of hosting and cloud environments
• Employing cryptography in application design
• Authentication and Authorization technologies i.e. OAuth2, OpenID Connect
• Strong Unix, Windows and networking security skills
• Programming / software development
• Security testing using offensive security testing / ethical hacking techniques
• Understanding of development frameworks
• Development of CI/CD pipelines
• Security testing and automated testing
• IT related degree / certificate or equivalent experience
• Relevant qualification e.g. CISSP/OSCP/CEH/Security+
• Broad understanding of SIEM & Defensive Technologies
• Experience developing custom scripts or tools used for vulnerability scanning and identification
• System hardening to eliminate vulnerabilities and reduce attack surface area
• Threat modeling with development teams

Activates

• Configuration / customization of platforms and technologies that provide security testing services such as SAST/DAST/SCA
• Design and build automated security testing processes across a range of technologies
• Develop reference implementations to prove and demonstrate use of security components for product engineering teams.
• Develop components to automate security testing within build processes.
• Assist product engineering teams with implementation of security components.
• Assess security tools and integrate tools where needed.
• Configure new and existing security tools to support security testing activities.
• Document security patterns relevant to product engineering teams.
• Document guidelines aligned to security standards.
• Consult with teams in security code reviews where needed.
• Develop skill in Thread Modelling and assist others with the process.
• Work across organisational structures where required to achieve the stated goals.
• Engage in learning and skills development focused on security, including achieving relevant certifications and informal security skills development through Capture The Flag exercises.
• Understand the security environment within the bank that drives the requirements for security tools, security testing capabilities and policies and standards that apply to our engineering activities.
• Keep informed on what is going on in the organisation e.g. coding standards, patterns & practices, ongoing organisational security initiatives, current incidents and risks.
• Triage and handle security issues.
• Participate in security architecture reviews.
• Contribute to security testing guidelines and wiki docs
• Participate in DevSecOps implementations, through all phases from pre-commit to after deployment

Would be great to have experience with

• Container (Kubernetes / Rancher) and Virtualization Technologies
• AWS
• Infrastructure as code processes and tools
• Banking or other regulated industries
• Azure Devops, Jenkins
• Native mobile app development