DevSecops Technical Analyst-2400005147

JOB SUMMARY

• Overall 8+ Years of experience in information technology out of which 4+ years of experience in Cyber security and 2+ years of experience in threat modeling.Provide technical leadership and advise team members on attack and penetration testing. Ability to work both independently as well as lead a team. Familiarity with one or more threat modeling methodologies (e.g., MITRE, STRIDE, PASTA, LINDDUN, CVSS, Attack Trees, Security Cards, hTMM, Quantitative Threat Modeling Method, VAST Modeling, OCTAVE

RESPONSIBILITIES

Strategy

• Towards delivering and living out our TTO Strategy 25 by
• Establish Strong Digital Foundations · 
• Accelerate Transformation · 
• Drive Process Excellence

Business

• Contribute to the strategic goals of the organisation through the application of technology. 
• Solve problems through the application of technical knowledge and skill, determining when and how technology can solve business problems. 
• Scope and create technical solutions that contribute to the business’s strategic goals

Processes

• Identify new areas of focus and activity for both internal and external technology communities 
• Develop and roll out best practice in Technology domain of expertise or their specialism. 
• Rescue, remediate or provide expertise on initiatives with significant technology challenge

People & Talent

• Be a role model and build the appropriate culture and values. 
• Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.
• Ensure the provision of ongoing training and development of people and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks. 
• Employ, engage and retain high quality people. 
• Work with internal business teams, cross-functional engineering teams, and external vendors. ·
• Effective conflict resolver and strong leadership skills to deliver on commitments and knowing when to say No to stakeholder

Risk Management

• Make recommendations (and/or implement) to relevant stakeholders on possible risk management responses to identified risks and/or findings of concerns from investigations. 
• Manage escalations on PEP / Sensitive issues requiring additional assessment and/or control

Governance

• Take personal responsibility for understanding the risk and compliance requirements of the role. 
• Understand and comply with, in letter and spirit, all applicable laws, and regulations, including those governing anti-money laundering, terrorist financing, and sanctions; the Group’s policies and procedures; and the Group Code of Conduct. 
• Effectively and collaboratively identify, escalate, mitigate and resolve risk and compliance matters. 
• Embed the Group’s values and code of conduct to ensure that adherence with the highest standards of ethics, and compliance with relevant policies, processes, and regulations among employee’s form part of the culture

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group’s Values and Code of Conduct. 
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
• Lead to achieve the outcomes set out in the Bank’s Conduct Principles

Other Responsibilities

• Embed Here for good and Group’s brand and values, Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures; Multiple functions (double hats)

OUR IDEAL CANDIDATE

EDUCATION

• Bachelor's degree in Computer Science, Software Engineering, or a related field
• Overall 8+ Years of experience in information technology out of which 4+ years of experience in Cyberand cloud technologies

TRAINING

• Experience in technical writeups, requirement gathering, documentation in cyber & cloud technologies
• Experience and practice about writing professional documents.
• Responsible for technical writeups, presentation, hackathon and roadshows
• Responsible for writing and maintaining the documentation relating cyber and cloud technologies 
• Familiarity with one or more threat modeling methodologies (e.g., MITRE, STRIDE, PASTA, LINDDUN, CVSS, Attack Trees, Security Cards, hTMM, Quantitative Threat Modeling Method, VAST Modeling, OCTAVE)
• Familiarity in Mitre Attack Navigator, Mitre Defend
• Integrate / Leverage ChatGPT to perform threat modeling
• Familiarity in Threat Modeling Automation tools and creating / consuming threat libraries
• Familiarity in tools such as AttackIQ, Cymulate, Pentera, SafeBreach, Verodin (Mandiant Security Validation)
• Exposure on programming languages
• Exposure on DevOps tools, for ex. Bitbucket, Jenkins and Artifactory
• Experience with Public Cloud platforms, f