Our Technology teams work closely with Bank's global businesses to help design and build digital services that allow our millions of customers around the world; to bank quickly, simply and securely. We also run and manage our IT infrastructure, data-centres and core banking systems that power the world's leading international bank.
Our multi-disciplined Technology teams include amongst others: DevSecOps engineers, IT architects, front and back-end developers, infrastructure specialists, cybersecurity experts, and delivery, project and programme managers.
Following extensive investment across our Technology and Digital domains and with plans for continued expansion throughout 2021 and beyond, we are currently seeking a Global Head of Vulnerability Management to join the Cybersecurity team within Technology.
Brief overview of the business areas
Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity predominantly deliver this via objective, independent, professional and specialized subject matter experts. The role forms part of the first line of defence in relation to the risk management framework.
The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development (inc. DevSecOps), Threat and Controls Assessment (inc. threat modelling) and Third Party Security Assessment. The function drives the identification, capture, assessment, testing/verification and ultimately the remediation of security defects, gaps and vulnerabilities across Bank's estate in conjunction with business and technology teams - on-premise, within the Cloud and for those resulting from third party engagements.
The role will report to the Development lead, working within an agile, DevSecOps environment. The role will be responsible for architecting, designing, developing, automating, deploying, and integrating tools within the global cybersecurity vulnerability management systems. The role will partner with the Secure Development team to design, create and evaluate solutions for day to day problems as well as working closely with Pen Testers and Application Security Engineering to integrate their tools and support the end-to-end secure deployment of security technologies across the Bank.
Some travel may be required.
The role will be accountable for the following:
- Designing, developing, implementing, and supporting integration pieces for the various tools within the Vulnerability Management estate
- Implementing the agreed software system architecture
- Defining and implementing data structures, system designs and patterns
- Designing and implementing scalable web services, applications, and APIs
- Developing tools and scripts for reporting for operational teams across Cybersecurity
- Identifying bottlenecks and improving software efficiency
- Collaborating with the design team on the development of micro-services
- Troubleshooting and bug fixing
- Ensuring that issues raised in their area are solved and followed to conclusion
- Writing technical documents to support items that have been developed and delivered by the team.
- Proposing new technologies and techniques to quickly and comprehensively identify vulnerable infrastructure and platforms
- Collaborating with stakeholders at various levels across Cybersecurity and other IT teams, to develop solutions that protect the bank.
- Designing and driving the implementation of service offerings, capability uplifts, and process improvements to protect the bank from a continuously changing threat landscape
- Acting as a coach and mentor for other team members
- Previous experience as a full stack engineer in an agile, DevSecOps environment
- 10+ years experience of back-end languages (Python is a must - any other is a +)
- 10+ years experience of Scripting Skills (Python is a must - any other is a +)
- 10+ years experience of Debugging (e.g. stack traces, log files and other system outputs)
- 10+ years experience of SQL (e.g. MySQL, DB2, Oracle, MongoDB, PostgreSQL)
- 5+ years experience of Networking (e.g. TCP/IP, Subnetting, Firewalls, etc)
- 5+ years experience of System Administration (e.g. configuring /managing servers, Linux /Windows)
- 5+ years experience of Cloud Engineering (e.g. Alibaba, GCP, AWS, Azure)
- 5+ years experience of containers (e.g. Docker, Kubernetes)
- Knowledge of Vulnerability Scanning /Pen Testing /Red Teaming and associated scanning and consolidation products
- Knowledge of working with application security tools (e.g. SAST, DAST, MAST)
- Knowledge of Governance, Risk & Compliance processes
- Knowledge of Patch Management processes
- Automation and Orchestration driven mindset
- Good verbal and written communication skills
- Ability to work and lead in a fast paced, team focused environment with a proven track record of delivering and completing assigned tasks as an individual and as team
- Willingness to continuously learn and share learnings with others
Luxoft, a DXC Technology Company, is a global digital strategy and software engineering firm with about 18,000 international employees within its 44 offices in 21 countries. It is headquartered in Zug, Switzerland.
In 2000, Luxoft was established in Moscow under the direction of Dmitry Loschinin. In 2008 it acquired ITC Networks in Bucharest. In 2013, Luxoft was listed on the New York Stock Exchange, following an initial public offering of 4.1 million shares at $17.00 per ordinary share.
In January 2019, Luxoft was acquired by U.S. company DXC Technology. Luxoft partnered with LG Electronics to create a next-generation Autonomous Mobility concept vehicle that integrates consumers' personalized digital lifestyles into a driving experience. Luxoft enabled Switzerland's first Blockchain based e-vote platform with the City of Zug and Hochschule Luzern's Blockchain Lab.
Luxoft, a DXC Technology Company is a world-renowned company. It has been present on the Polish market for over 11 years. We have offices in Krakow, Warsaw, Wroclaw, and Tri-City. We employ almost 2,000 experienced experts carrying out projects for over 40 clients from the financial, automotive, medical, tourist industries, etc. We work for many international clients, including the USA, Great Britain, and Switzerland.
So far, Luxoft Poland has made a name for itself as a company that offers work on innovative projects, we offer various experiences in the field of IT, opportunities for rapid development, an extensive training program, and attractive benefits for employees.
At present, 62% of Luxoft Poland employees come from Poland, and 38% from around 50 countries, including Ukraine, Brazil, Russia, India, Belarus, Turkey, Spain, Portugal, Italy, Romania, USA, etc.
At Luxoft, a DXC Technology Company, as much as 85 percent of employees are experts with the "Senior" experience level, with at least five years of experience. We care about our employees, so every day we try to provide them with the best possible conditions for work and development.
Technology is our passion! We focus on top engineering talent means that you will be working with the best industry professionals from around the world. Because of that, Luxoft is a global family with an epic atmosphere – we love what we do!