Architecture Cyber Capability Ination

Job Description

About Standard Chartered We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.To us, good performance is about much more than turning a profit. Its about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.Were committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.Overview:Cyber Security Services (CSS) is a critical function within Standard Chartered Bank. It is the CSS mission to protect the Bank from information and cyber security threats by delivering effective information and cyber security services, responding to security incidents and educating staff. The CSS function is instrumental in ensuring the Bank soundly meets its commitments to internal and external stakeholders and maintain an appropriate cyber security defence posture. Furthermore, the CSS team plays a significant part in the Bank s Here for Good vision and brand promise.The CSS team protect the Bank from cyber security threats by delivering effective information security technology services, managing and responding to security incidents to ensure, and support the continuity and growth of Bank s business operations; and meet the both internal and external stakeholders expectations across 70+ countries and territories, in which SCB operates.The importance of our mission has strengthened over time and is a principle concern for shareholders, clients, regulators and the communities we operate in. Our Bank s success depends on the CSS function to maintain the correct balance of security capabilities and risk management across all businesses and functions across our global footprint.The Function: The Application and Infrastructure Vulnerability Management domain is responsible for identifying, responding and remediating security vulnerabilities to protect the Bank from evolving and sophisticated cyber threats. This is done through periodic assessments of infrastructure, applications and services in the Bank.The CSS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products in order to maintain and continuously improve Bank s cyber security posture in today s ever evolving cyber security landscape.As part of the Cyber Security Services within SCB, a new Application Security Engineer role is being created which requires a highly skilled and experienced Application Security Professional to add more capability and value to the existing Application Security team in the Bank.RESPONSIBILITIES:

• Well versed with Web and Mobile application security vulnerabilities.
• Knowledge of OWASP Top 10 and SANS Vulnerabilities
• Experience conducting application security reviews.
• Understanding of modern technologies and frameworks like Docker, Kubernetes, Jenkins.
• Professional experience in a system administration role supporting multiple platforms and applications.
• Good understanding of DevSecOps methodologies.
• Triage application security vulnerabilities.
• Experience with source code repositories (e.g. GitHub, Bitbucket, etc), CI/CD pipelines, and associated security tooling.
• Hands-on experience working with SAST/DAST and related tools (e.g., AppScan Source, Fortify, WebInspect, VeraCode, etc).
• Software development or scripting experience in any one of them (Python, Shell, Java, Groovy)
• Good understanding on Mobile Application Development (either Android / iOS) and frameworks
• Open Source Utilization and
• Participate in Technical reviews/analysis.
• Ability to effectively communicate issues to multiple stakeholders.
• Assist development teams in implementing secure SDLC practices.
• Effective vendor management skills.

KEY STAKEHOLDERS:

• Application Security team
• Business stakeholders Application Development Teams
• Developers
• Vendors

COMPETENCIES (KNOWLEDGE & SKILLS):

• 8-10 or more years of Industry experience in Application Security domain.
• Proven skills in co-ordination, working with vendors and internal teams.
• Excellent oral, written communication and presentation skills
• Able to work independently or collaboratively with different teams.
• Provide creative solutions to novel problems to enable the business to operate in an effective and agile manner.
• Willingness to learn and adapt new technologies/processes as per business needs.
• Willing to work in a challenging, complex and dynamic environment.
• Security certification will be an added advantage. Cyber Security Certification and Trainings (preferred)
• CEH
• Application Security Trainings

Apply now to join the Bank for those with big career ambitions.To view information on our benefits including our flexible working please visit our career pages . We welcome conversations on flexible working.,

Keyskills :
mobile application developmentsecure sdlccyber securityrisk managementvendor managementsecurity servicesbusiness operationstechnology servicesinformation securityapplication securitycreative solutions