About the opportunity

Protect our bank and our customers by ensuring products are secure before being released into production. In this role you will focus on Application Security, Cloud Security Posture Management, and Vulnerability Disclosure Program management across development and engineering. You will also be responsible for security advisory and building security as code to engineer solutions across technology with specific focus on the areas of Cloud and Application Security to manage Cyber risks.

You will get the opportunity to work with the newest technologies, whilst also having access to learning and development platforms plus the opportunity to get certified in cloud technologies.  Our community is a place to thrive in if you enjoy working in a changing environment and thinking of creative solutions.

In this role you’ll get to…

• Enable Secure Development (DevSecOps) practices by embedding Static Application Security Testing (SAST), Software-Composition Analysis (SCA), Infrastructure as Code scanning (IAC) and Dynamic Application Security Testing (DAST) on Application and Infrastructure artifacts within CI/CD pipelines.
• Uplift Cloud Security Posture Management (CSPM) capability through tuning risky configuration detection policies and prescribing and codifying guardrails for secure configuration of cloud infrastructure.
• Build repeatable Security requirements into codifiable engineering patterns using a Security as Code approach.
• Support the management of Vulnerability Disclosure Program and build processes to manage findings.
• Perform Security Configuration reviews and provide security best practice guidance.
• Embed automation where required to remove manual intervention and speed up security issue detection and management.

What you’ll bring to the role

To be successful in the role you will have:

• Experience as a Developer or previously worked closely with Developers to build secure Applications.
• Experience with Static and Dynamic Analysis tools and the implementation within build pipelines.
• Experience with container technologies (Docker/Kubernetes) and use of cloud services. With understanding of cloud platforms security across AWS and/or GCP.
• Experience in the use Cloud Security Posture Management (CSPM) or Cloud Native Application Protection Platforms (CNAPP) tools.
• Understanding of secure coding and secure coding reviews.

We offer flexible work options that put our people first, and a hybrid model with at least 60% of your working week spent in the office.

We believe a diverse workforce supported by an inclusive culture is central to our success and we actively encourage applications from those who bring diversity of thought to our business. We support candidate requests for adjustment to accommodate an illness, injury, or disability to equitably participate in the selection process.

If this sounds like an opportunity for you check out the attached Position Description and apply.  INFORM~2.DOC

Please note, all internal candidates are required to notify their immediate leader when applying for a new career opportunity and you will be asked to acknowledge they have done so upon submission of your application.

Please contact the Hiring Leader Thilina Senevirathna (Service Owner Security Assurance Design and Testing) or Kate Weston (Senior Talent Acquisition Advisor) for a confidential discussion if there are any concerns meeting this requirement during the application process, or if you would like to discuss the position further. 

For more information, check out the Application Process for Internal Candidates page. 

Still in two minds?

Research suggests 60% of women and underrepresented groups might stop here, even after getting as far as drafting an application. We believe that diversity makes every team stronger, so even if you don’t tick every box we still want to see your application!

Please note shortlisting and interviews may take place prior to the advertised close date, so don't delay apply now!