Deutsche Bank has begun a major business and technology programme to adopt public cloud services, including announcing a ten-year partnership with Google.
One critical success factor for this cloud adoption is to ensure that the Bank's use of cloud services is secure. Therefore the Bank's security team, the Chief Security Office, has set up a Cloud Security Enablement programme to embed security into its cloud environments, and to integrate cloud security into its overall range of information security capabilities.
Within Cloud Security Enablement, one team is focused on Cloud Security Engineering. This team specialises in developing in-cloud security controls, using "infrastructure as code" and "policy as code" techniques, and a mix of cloud-native and third party solutions.
The majority of the team's work is currently in Google Cloud Platform, with a small proportion in Microsoft Azure.
The team began in the UK and is now expanding in Bucharest. It reports functionally to the Cloud Security Engineering lead in the UK.
This role will be the first Bucharest team member, will assist in building the team in that location, and will act as the senior member of the local team.
In this role you will be:
- Developing and enhancing security controls in Deutsche Bank's Google Cloud and Microsoft Azure infrastructure - these controls are the security components of the Bank's "control plane" for each cloud service provider
- Developing features that help implement Deutsche Bank's security reference architectures for Google Cloud and Azure.
- Consulting with information security specialists in the Chief Security Office, and other infrastructure and application development teams across the Bank internationally, to understand their requirements for in-cloud security solutions
- Delivering features iteratively, using sprints and a backlog of tasks
- Using infrastructure-as-code techniques and CI/CD automation, via tools such as Terraform
- Using policy-as-code tools and techniques to specify security rules that are enforced both at build time (during the CI/CD pipeline, and with cloud-native tooling) and at run time (to detect deviations from policy, using third party and cloud-native tooling)
- Delivering in-cloud features that can be integrated with on-premises security capabilities, in areas such as access management, security logging and monitoring, and network security - so that the Chief Security Office can effectively secure and monitor its cloud infrastructure and applications, as well as its on-premises technology
- Acting as an internal expert in the native security features of the Cloud Service Providers, to advise other teams on options for improving and maintaining security
- Collaborating with other team members, and members of the wider engineering community in the Bank, on improvements to cloud engineering tooling and ways of working
- If required, acting as the security engineer embedded for a period in another application development team, working directly on developing cloud security controls for that application.
This is mostly a hands-on engineering role, not a pure management role. However, as the senior member of the local cloud security engineering team, you will also be:
- Acting as the local line manager for the team
- Assisting the Cloud Security Engineering lead to interview and select other local team members
- Introducing new team members to the ways of working of the team and the local office
- Providing technical supervision and mentoring of local team members
- Assisting the Cloud Security Engineering team lead with setting objectives and managing performance for the local team
- Providing management status reporting
Who we're looking for?
- Experienced software engineer
- Experienced in setting up and using public and hybrid cloud infrastructures
- Experienced in information security, through previous work in consultancy or corporate roles
- Leading and mentoring a team of software and/or security engineers
- Agile software/systems development
- Google Cloud Platform engineering and security
- Degree-level IT and/or information security qualification, or equivalent experience
- High quality written and spoken English
- Google Cloud Platform
- CI/CD tools and techniques
- Microsoft Azure engineering and/or security
- Working in an international, complex, matrix-management organization
- Working with audit, control and risk functions in a regulated organization
- Information security certification
- Cloud infrastructure, architecture or security certification
- Microsoft Azure
- Terraform Enterprise / Sentinel
- CI/CD tools
- VCS (GitHub and/or GitLab)
- Cloud Security Posture Management tools
- Behaviour Driven Development (BDD) principles and practices, such as Cucumber and Gherkin
- Secrets Management in cloud platforms