GCP Cloud Security Architect
The Team: Global Cloud Services at HSBC
Cloud First strategy - HSBC have adopted a “Cloud First” strategy in order to meet the growing market demand for speed to market, delivery flexibility and staying competitive in an increasingly challenging marketplace. The strategy is driven by a focus on business value, key focus areas being:
- Delivering improved capability – HSBC will be leveraging the Cloud Service Provider (CSP) technologies that HSBC would not have been able to provide internally at an equivalent speed, cadence, cost or quality.
- Increasing delivery flexibility – benefit from CSP elasticity and dynamic scaling of immediately available near infinite capacity, providing a cost effective edge in a rapidly changing and increasingly competitive market.
- Transforming our Cost Model – adopt a flexible on demand consumption based model, leveraging lower available pricing for commodity services freeing up funding to focus on higher value propositions.
Our Cloud First strategy has well established design principles, focussed on extracting the highest value from the cloud market with its associated resilience and security:
- Each major Cloud provider is playing a defined role within a multi-Cloud architecture.
- We are using geographical distribution for resilience and reduced latency, retaining control of the physical location of systems and data.
- Open standards and common technologies are prioritised to support contingency plans for key services.
- We are employing native Cloud services where appropriate to provide enhanced capabilities.
- We are protecting our data from attack and unauthorised access through market leading defence in depth, encryption and access management controls.
Your responsibilities will include:
Seeking a Google Cloud Platform Security Architect to collaborate across all organizations in HSBC to identify, deliver, and document the required artifacts to enable movement of applications and data to the cloud, including strategy, technical roadmaps, position statements, concepts, and logical specifications. The Cloud Security Architect will be hands-on, directly interacting with the engineering and application development teams and provide leadership to drive alignment on security requirements, influence decision makers, build relationships, and communicate strategy and architecture to the broader internal community.
- Provide a detailed understanding of cloud security and cloud infrastructure services, Threat landscape and attack scenario’s, Risks.
- Possess significant breadth across other disciplines (e.g., enterprise security architecture, compute services, storage, large-scale networking, virtualization, data center, integration architecture (API), orchestration technologies (Kubernetes, Docker, open stack), systems resiliency, service support, Secure application development lifecycle management (DevSecOps), and service delivery).
- Lead through influence, communicate effectively through clarity of thought and demonstrated understanding of business and technical requirements.
- Be a strong technologist with pragmatic view and creative mind, and a natural collaborator with line of business security architects, engineers, developers, application owners, service providers, and senior management.
Who we're looking for?
- 7+ years of hands-on experience
- Industry certifications: GIAC, CISA and/or CISSP, CSSLP
- Experience with the assessment, implementation, management and documentation of a broad set of information security technologies and processes (e.g., app security, data protection, access management, network security) within a cloud environment
- Experience working with Google Cloud Platform cloud security management / governance tools, Cloud Access Security Brokers (CASB), cloud services and 3rd party hosted services, and server virtualization products and technologies
- Experience designing cloud security solutions, including creating artifacts, models, and strategy presentations
- Experience with service-oriented architecture for cloud-based services
- Solid understanding of the end-to-end information technology (IT) process, including architecture, design & engineering, implementation, and operations
- Understanding of common industry cyber security frameworks, standards and methodologies, including; OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards
- Knowledge and technical understanding of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suits
- Knowledge of VM operations- and how to operate, troubleshoot, update, and upgrade production instances of VM systems
- Able to work with application teams to investigate issues caused by scanning and suggest changes to prevent future problems
- Knowledge of Threat Intelligence tools and processes, with the ability to build and sustain a program in support of the Cyber Intel Operations team
- Knowledge and understanding of 3rd party/peer/regulatory/governmental information sharing and disclosure platforms and/or processes
- Knowledge of the concepts behind what makes up the & digital footprint & of a large multinational organization
- Able to identify and define workstreams, and work across various teams to find key stakeholders, and drive the reduction of risk.
- Healthcare package for families
- Healthcare package
- Life insurance
- Medical consultations in our office
- Employee assistance programme
- Free sport clubs
- Fitness, yoga and massages in office
- Multisport card
- Financial bonus
- Hot beverages
- In-house language courses
- Financial and technology academy
- Access to leading e-learning platforms
- Car parking
- Bicycle parking