Information Security Specialist

Deutsche Bank has begun a major business and technology programme to adopt public cloud services, including announcing a ten-year partnership with Google.

One critical success factor for this cloud adoption is to ensure that the Bank's use of cloud services is secure. Therefore the Bank's security team, the Chief Security Office, has set up a Cloud Security Enablement programme to embed security into its cloud environments, and integrate into its overall range of information security capabilities.

Within Cloud Security Enablement, one team is focused on Cloud Security Engineering. This team specialises in developing in-cloud security controls, using "infrastructure as code" and "policy as code" techniques, and a mix of cloud-native and third party solutions.

The majority of the team's work is currently in Google Cloud Platform, with a small proportion in Microsoft Azure.

The team began in the UK and is now expanding in Bucharest. It reports functionally to the Cloud Security Engineering lead in the UK.

This role will be one of the first members of this team in Bucharest, building and maintaining security capabilities and policies in Google Cloud Platform and Azure, and using associated security tools. The role will also help the overall team manage its work efficiently using agile ways of working, and associated tools such as Jira.

Responsibilities

In this role you will be:

• Developing and enhancing security controls in Deutsche Bank's Google Cloud and Microsoft Azure infrastructure – these controls are the security components of the Bank's "control plane" for each cloud service provider
• Developing features that help implement Deutsche Bank's security reference architectures for Google Cloud and Azure.
• Consulting with information security specialists in the Chief Security Office, and other infrastructure and application development teams across the Bank internationally, to understand their requirements for in-cloud security solutions
• Delivering features iteratively, using sprints and a backlog of tasks
• Using infrastructure-as-code techniques and CI/CD automation, via tools such as Terraform
• Using policy-as-code tools and techniques to specify security rules that are enforced both at build time (during the CI/CD pipeline, and with cloud-native tooling) and at run time (to detect deviations from policy, using third party and cloud-native tooling)
• Delivering in-cloud features that can be integrated with on-premises security capabilities, in areas such as access management, security logging and monitoring, and network security – so that the Chief Security Office can effectively secure and monitor its cloud infrastructure and applications, as well as its on-premise technology
• Acting as an internal expert in the native security features of the Cloud Service Providers, in the areas you have worked in, to advise other teams on options for improving and maintaining security
• Collaborating with other team members, and members of the wider engineering community in the Bank, on improvements to cloud engineering tooling and ways of working
• If required, acting as the security engineer embedded for a period in another application development team, working directly on developing cloud security controls for that application.

Experience

Essential:

• Experienced software engineer
• Familiar with setting up and using public and hybrid cloud infrastructures, using at least one of the major Cloud Services Providers
• Familiar with information security concepts and techniques
• Agile software/systems development

Desirable:

• Google Cloud Platform engineering and security
• Microsoft Azure engineering and/or security
• Working in an international, complex, matrix-management organisation
• Working with audit, control and risk functions in a regulated organisation

Skills and qualifications

Essential:

• Degree-level IT and/or information security qualification, or equivalent experience
• High quality written and spoken English
• One of: Google Cloud Platform, Microsoft Azure, AWS
• CI/CD tools and techniques
• Agile ways of working (such as Scrum) and maintaining the team workload in supporting tools, such as Jira

Desirable:

• Information security certification
• Cloud infrastructure, architecture or security certification
• Google Cloud Platform
• Microsoft Azure
• Terraform or Terraform Enterprise / Sentinel
• CI/CD tools
• VCS (Github and/or Gitlab)
• Cloud Security Posture Management tools
• Behaviour Driven Development (BDD) principles and practices, such as Cucumber and Gherkin
• Typescript
• Secrets Management in cloud platforms

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.

Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.

We welcome applications from all people and promote a positive, fair and inclusive work environment.