Overview
About the role
Deutsche Bank has begun a major business and technology programme to adopt public cloud services, including announcing a ten-year partnership with Google.
One critical success factor for this cloud adoption is to ensure that the Bank’s use of cloud services is secure. Therefore the Bank’s security team, the Chief Security Office, has set up a Cloud Security Enablement programme to embed security into its cloud environments, and integrate into its overall range of information security capabilities.
Within Cloud Security Enablement, one team is focused on Cloud Security Engineering. This team specialises in developing in-cloud security controls, using “infrastructure as code” and “policy as code” techniques, and a mix of cloud-native and third party solutions.
The majority of the team’s work is currently in Google Cloud Platform, with a small proportion in Microsoft Azure.
The team began in the UK and is now expanding in Bucharest. It reports functionally to the Cloud Security Engineering lead in the UK.
This role will be the first Bucharest team member, will assist in building the team in that location, and will act as the senior member of the local team.
Responsibilities
In this role you will be:
-
Developing and enhancing security controls in Deutsche Bank’s Google Cloud and Microsoft Azure infrastructure – these controls are the security components of the Bank’s “control plane” for each cloud service provider
-
Developing features that help implement Deutsche Bank’s security reference architectures for Google Cloud and Azure.
-
Consulting with information security specialists in the Chief Security Office, and other infrastructure and application development teams across the Bank internationally, to understand their requirements for in-cloud security solutions
-
Delivering features iteratively, using sprints and a backlog of tasks
-
Using infrastructure-as-code techniques and CI/CD automation, via tools such as Terraform
-
Using policy-as-code tools and techniques to specify security rules that are enforced both at build time (during the CI/CD pipeline, and with cloud-native tooling) and at run time (to detect deviations from policy, using third party and cloud-native tooling)
-
Delivering in-cloud features that can be integrated with on-premises security capabilities, in areas such as access management, security logging and monitoring, and network security – so that the Chief Security Office can effectively secure and monitor its cloud infrastructure and applications, as well as its on-premise technology
-
Acting as an internal expert in the native security features of the Cloud Service Providers, to advise other teams on options for improving and maintaining security
-
Collaborating with other team members, and members of the wider engineering community in the Bank, on improvements to cloud engineering tooling and ways of working
-
If required, acting as the security engineer embedded for a period in another application development team, working directly on developing cloud security controls for that application.
This is mostly a hands-on engineering role, not a pure management role. However, as the senior member of the local cloud security engineering team, you will also be:
-
Acting as the local line manager for the team
-
Assisting the Cloud Security Engineering lead to interview and select other local team members
-
Introducing new team members to the ways of working of the team and the local office
-
Providing technical supervision and mentoring of local team members
-
Assisting the Cloud Security Engineering team lead with setting objectives and managing performance for the local team
-
Providing management status reporting
Experience
Essential
-
Experienced software engineer
-
Experienced in setting up and using public and hybrid cloud infrastructures
-
Experienced in information security, through previous work in consultancy or corporate roles
-
Leading and mentoring a team of software and/or security engineers
-
Agile software/systems development
-
Google Cloud Platform engineering and security
Desirable
-
Microsoft Azure engineering and/or security
-
Working in an international, complex, matrix-management organisation
-
Working with audit, control and risk functions in a regulated organisation
Skills and qualifications
Essential
-
Degree-level IT and/or information security qualification, or equivalent experience
-
High quality written and spoken English
Our values define the working environment we strive to create – diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.
We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.
