Job Description

Sheffield

Key Responsibilities
•    Contributing to the container security program objectives, implementing solutions, defining standards and best practice to continually advance a secure enterprise container adoption program.
•    Providing expert guidance and hands on advice on container security to security control owners, including input to control documentation and metrics. 
•    Partnering with key stakeholders; engineering application teams, Container Security Architecture team, SDLC Federated Control Owners, Enterprise Risk Management (ERM), CCO Technology, Cybersecurity Risk & Control Strategy and Cybersecurity Business Engagement.
•    Partnering with Information Technology Service Owners to integrate container security tools into their containers lifecycle to give them early insight into potential issue that would impact ‘go live’.
•    Defining and implementing observability requirements to enable timely identification of high-risk breaks, drifts, vulnerabilities.
•    Conducting security assessments of strategic and preferred containers platforms/workloads by leveraging observability provided by control operators e.g. image build process, orchestration, and deployment pipeline.
•    Providing input to the Security Operation Center (SOC) and Incident management team as necessary in responding to security incidents within containers platforms.
•    Ensuring containers ecosystem comply with relevant industry regulations and standards (e.g. PCI-DSS, NIST, CIS).
•    Support continuous capabilities assessments by setting up containers environments for assessing new security tools functionality and onboarding requirements.

What you will bring to the role
To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:
•    Experience of working with containers (Kubernetes/ other container orchestration; AWS, GCP, Azure, AliCloud).
•    Experience of working on cloud platforms e.g. deploying cloud workloads and infrastructure.
•    Experience in automation script e.g. Terraform, cloud formation, helm charts etc.
•    Experience on integration & automation of various security technologies especially container security tools (e.g. scanners, CNAPP, etc.) within DevOps tooling pipeline (Jenkins, GitHub, Chef, Ansible, Nexus, etc).
•    Experience in a major programming language such as Python or Java, and associated tooling (Git, Maven, IDEs, Jenkins, Github etc.)
•    Experience of security fundamentals with relation to a k8s platform and DevSecOps
•    Highly motivated self-starter with excellent interpersonal and problem-solving skills
•    Strong oral and written communication skills

Location
The role-holder is expected to engage with stakeholders and their teams, which could be up-to 3 days a week in the office.   

͏

Deliver