Job description
Global Container Security Technical Lead
Join a digital first bank that’s powered by people.
Our technology team builds innovative digital solutions rapidly and at scale to deliver the next generation of banking services for our customers around the world.
In our cybersecurity team you’ll be helping to safeguard the financial system on which millions of people depend.
You’ll be making banking more secure by designing, implementing, and operating controls to manage cybersecurity risk. You’ll help define HSBC Group cyber security standards, deliver Global Security Operations ad Threat management services, provide round-the-clock monitoring and security incident response services, and oversee Network/Application/Infrastructure Security. The work you do will provid3e assurance of the adequacy and effectiveness of security controls to Business Risk Owners.
The Container Security Technical lead will be a key part of the Secure Development team, reporting to the Global Head of Container Security and Compliance. They will, closely collaborate with peers across Cybersecurity and the business development teams to enable the rapid build of secure technology products and services, thereby reducing the risk to HSBC by enabling early identification and remediation of security vulnerabilities
As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.
In this role you will:
• Acting as the primary point of contact for container security-related matters.
• For containers technology consumed across HSBC’s platforms:
• Developing and maintaining containers security standards and best practices.
• Defining, implementing, and monitoring the containers ecosystem security posture across HSBC platforms to align with security standards and best practice.
• Providing expert guidance on container security to security control owners, including input to control documentation and metrics.
• Partnering with key stakeholders; engineering application teams, Container Security Architecture team, SDLC Federated Control Owners, Operational & Resilience Risk, CCO Technology, Cybersecurity Risk & Control Strategy and Cybersecurity Business Engagement.
• Defining and implementing observability requirements to enable timely identification of high-risk breaks, drifts, vulnerabilities.
• Conducting security assessments of strategic and preferred containers platforms/workloads by leveraging observability provided by control operators e.g. image build process, orchestration, and deployment pipeline.
Requirements
To be successful in this role you should meet the following requirements:
• Experience of working with containers (Kubernetes/ other container orchestration; AWS, GCP, Azure, AliCloud). Experience of working on cloud platforms.
• Service management/ product ownership.
• Experience on integration & automation of various security technologies especially container security tools (e.g. scanners, CNAPP, etc.) within DevOps tooling pipeline (Jenkins, GitHub, Chef, Ansible, Nexus, etc).
• Experience in cybersecurity principles, assessment and triage for security flaws and common vulnerabilities for web and mobile applications.
• Ability to understand and assess both threats and vulnerabilities, articulating these to both technical and business stakeholders.
• Ability to accommodate changes in vulnerability scanning tooling trend to cover, in addition to known CVEs issues such as misconfigurations and secrets identification.
• Professional IT Security qualifications and/or certification.
• An inquisitive approach, always asking how to achieve goals in a smarter and more effective way.
• An ability and interest to learn and experiment with new approaches to vulnerability management, in different contexts, across the amazing scale that HSBC brings.
This role is based in Sheffield .
Opening up a world of opportunity
Being open to different points of view is important for our business and the communities we serve. At HSBC, we’re dedicated to creating diverse and inclusive workplaces. Our recruitment processes are accessible to everyone - no matter their gender, ethnicity, disability, religion, sexual orientation, or age.
We take pride in being part of the Disability Confident Scheme. This helps make sure you can be interviewed fairly if you have a disability, long term health condition, or are neurodiverse.
If you’d like to apply for one of our roles and need adjustments made, please get in touch with our Recruitment Helpdesk:
Email: hsbc.recruitment@hsbc.com
Telephone: +44 207 832 8500