Purpose of the job:
- Design, implement and contribute to the operations of information and cyber security processes, technology, and capabilities
- Ensure security by design by providing security engineering and architecture services to IT functions in the scope of projects
- Provide security expertise and support the increased adoption of cloud technologies through implementation of modern security capabilities
- Provide advice and guidance to business units on implementation of controls for cloud based applications and services
- Support software developers by integrating security practices into the Software Development Lifecycle
Provide internal management, expert advice and operational experience on information security risk and control matters throughout the organisation. This includes:
- Design, Deploy and Operate the Bank’s Cyber Security technologies in direct support of the Security Operations Centre (SOC). This includes a wide spectrum of security technologies including IDS/IPS, SIEM, Vulnerability Management, Identity Governance, Privilege Access Management, and SOAR.
- Support the Bank’s IT and Enterprise Architects in planning and evaluating fundamental changes to the Bank’s core IT infrastructure, ensuring that security is baked in from day one.
- Extending the functionality and capabilities of security solutions through specialized and tailored development of rules, scripts, and software solutions to meet operation security requirements.
Security Standards and Hardening
- Advice on the secure configuration of systems, appliances, and applications used by the Bank.
- Lead major IT projects related to the implementation and/or modernization of security capabilities supporting the Bank’s Cyber Defence or Cyber Protection mandates.
Your qualification and work experience:
- Master degree or equivalent experience in an engineering, computer sciences or quantitative discipline
- Experience as an application architect, senior system developer or senior system engineer
- Exposure to security engineering related concepts
- Track record of on-going technical education and/or professional expertise development in the areas of IT and security
- Credible track record as technical lead and/or project manager
- Security Development skills including demonstrated experience in automating security tasks through vendor provided APIs
- Experience with Scripting and Rule Development preferably in: Python, Bash, Regular Expression Development, SQL Query Language, SNORT, PowerShell
- Strong Understanding of cloud architecture and application of security controls to cloud environments
- Experience in leveraging cloud solutions to improve security, in particular: Microsoft Azure, Microsoft Office 365, Endpoint Detection and Response
- Experience with deploying and operating security technologies
- Good understanding of mobile related technologies, virtualization, and containers
- Good understanding of the landscape of security solution providers
- Familiar with industry-recognized key critical controls (e.g. SANS or equivalent)
- Familiar with secure software development tools and procedures including secure code review, third party component management, and static code analysis
- Familiar with common application security weaknesses (e.g. OWASP Top 10)
- Strong analytical capabilities and data-analysis skills
- Good communication skills both with technical experts and senior management
- Team player but technically autonomous
- Certification in security-related disciplines and technologies would be an advantage (accreditation such as CISSP or CISA a plus)
What you can expect in return
Simply put, we want your time at the BIS to be a career-enriching experience. We offer a genuinely unique international working environment with colleagues from more than 60 countries, which will give you a broad exposure to a number of business areas and expert networks. You will also receive a competitive compensation package net of tax, including health insurance, and comprehensive support to help you relocate smoothly.
The BIS is fully committed to equal opportunity employment and strives for diversity among its staff