Responsibilities:

• Developing and enhancing security controls in Deutsche Bank's Google Cloud and Microsoft Azure infrastructure - these controls are the security components of the Bank's "control plane" for each cloud service provider
• Developing features that help implement Deutsche Bank's security reference architectures for Google Cloud and Azure.
• Consulting with information security specialists in the Chief Security Office, and other infrastructure and application development teams across the Bank internationally, to understand their requirements for in-cloud security solutions
• Delivering features iteratively, using sprints and a backlog of tasks
• Using infrastructure-as-code techniques and CI/CD automation, via tools such as Terraform
• Using policy-as-code tools and techniques to specify security rules that are enforced both at build time (during the CI/CD pipeline, and with cloud-native tooling) and at run time (to detect deviations from policy, using third party and cloud-native tooling)
• Delivering in-cloud features that can be integrated with on-premises security capabilities, in areas such as access management, security logging and monitoring, and network security - so that the Chief Security Office can effectively secure and monitor its cloud infrastructure and applications, as well as its on-premise technology
• Acting as an internal expert in the native security features of the Cloud Service Providers, to advise other teams on options for improving and maintaining security
• Collaborating with other team members, and members of the wider engineering community in the Bank, on improvements to cloud engineering tooling and ways of working
• If required, acting as the security engineer embedded for a period in another application development team, working directly on developing cloud security controls for that application.

This is mostly a hands-on engineering role, not a pure management role. However, as the senior member of the local cloud security engineering team, you will also be:

• Acting as the local line manager for the team
• Assisting the Cloud Security Engineering lead to interview and select other local team members
• Introducing new team members to the ways of working of the team and the local office
• Providing technical supervision and mentoring of local team members
• Assisting the Cloud Security Engineering team lead with setting objectives and managing performance for the local team
• Providing management status reporting

Must have:

• Experienced software engineer
• Experienced in setting up and using public and hybrid cloud infrastructures
• Experienced in information security, through previous work in consultancy or corporate roles
• Leading and mentoring a team of software and/or security engineers
• Agile software/systems development
• Google Cloud Platform engineering and security
• Degree-level IT and/or information security qualification, or equivalent experience
• High quality written and spoken English
• Google Cloud Platform
• Terraform
• CI/CD tools and techniques

Nice to have:

• Microsoft Azure engineering and/or security
• Working in an international, complex, matrix-management organization
• Working with audit, control, and risk functions in a regulated organization
• Information security certification
• Cloud infrastructure, architecture, or security certification
• Microsoft Azure
• Terraform Enterprise / Sentinel
• CI/CD tools
• VCS (Github and/or Gitlab)
• Cloud Security Posture Management tools
• Behaviour Driven Development (BDD) principles and practices, such as Cucumber and Gherkin
• Typescript
• Secrets Management in cloud platforms