Description:
Deutsche Bank has a major business and technology program to adopt public cloud services, including a ten-year partnership with Google. The Bank’s security team established a Cloud Security Enablement program to embed security into its cloud environments and integrate into its overall range of information security capabilities. Within Cloud Security Enablement, our team focuses on Cloud Security Engineering and specializes in developing in-cloud security controls (guardrails) using infrastructure-as-code, policy-as-code techniques, and a mix of cloud-native and third-party solutions. We are looking for an information security expert in Cloud Security Engineering to analyze and specify how to secure cloud services in Google Cloud Platform and Azure, and to help the Bank innovate and adopt public cloud at scale, while protecting its data. You’ll need to have a blend of security, engineering, and cloud skills, and a passion for cloud security.
What You’ll Do
- Analyze the security features and needs of cloud services that have been requested by the Bank’s application developer community, based on vendor documentation and your own hands-on experimentation
- Specify security rules for guardrails that can be enforced both at build time (during the Continuous Integration/Continuous Deployment (CI/CD) pipeline) and at run time (to detect deviations from policy), using third party and cloud-native tooling
- Identify other security-enforcing measures that are needed to make the cloud services safe to use, and work with the owners of those solutions to plan the implementation
- Clearly document your analysis, any residual risks that you have identified, and the implementation plan for controls; and present this to stakeholders for their review and agreement
- Collaborate with other engineers to ensure specifications are implemented in policy-enforcing tools, and contribute to the team’s tooling strategy, and act as an internal expert in the security features of cloud services, to advise other teams on options for improving and maintaining security; contributing to or reviewing architectural reference documents for those cloud services
- Periodically revisit the analysis and guardrail specification of past services, to take account of changes made by the vendor, and how the Bank’s developers want to use the services
Skills You’ll Need
- Experience in information security and public cloud technologies
- Understanding of Google Cloud Platform or Microsoft Azure, with the ability to go hands-on to investigate the platforms’ security features
- Exposure to current development techniques such as agile, CI/CD pipelines, Terraform
- Awareness of cloud security products such as Cloud Security Posture Management tools with the ability to write and explain your ideas in a very clear and concise way, tailoring your style to the knowledge of the audience
- Understanding of an international, complex, matrix-management organization and working with audit, control, and risk functions in a regulated organization