Description:

The Cloud and Container Security Manager is a hands-on technical manager role responsible for the day-to-day operations of the team and part of the broader Attack Surface Management group.

In this role, you will help define, drive, and deliver the vision and strategy for the team to ensure that it aligns with the overall Vulnerability Management and Cloud Compliance Program. You will demonstrate extraordinary organizational and cross-functional communication skills to drive the Secure Software Development Lifecycle (SSDLC) at the bank and will understand risk analysis and have excellent business acumen. Most importantly, you will motivate, mentor, train and help develop staff to maintain a highly effective and passionate team.

• Communicating security issues to a wide variety of internal and external customers to include technical teams, executives, risk groups, vendors and regulators
• Maintaining a deep understanding of current threat, vulnerabilities, attacks, countermeasures and how to respond effectively to them while providing training to the rest of the team on these items
• Integrating cloud and container security requirements into DevOps & CI/CD pipelines, working collaboratively with Agile and non-Agile teams
• Developing meaningful operational and security centric metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
• Continuously maturing the Cloud and Container Security Program by identifying appropriate technologies, policies, communication channels, organizational structures, and relationships with third parties
• Ability to be adaptable and flexible while working in a dynamic environment
• Foster and maintain relationships with key stakeholders and business partners both regionally and globally
• Excellent oral and written communications skills
• Serve as the escalation point for all matters of the team
• Be innovative, think strategic, and challenge the status quo

• 5 or more years of progressive technical security industry experience, preferably in driving and implementing secure development practices into the Secure Software Development Lifecycle (SSDLC) and integration into an organization's development processes and pipeline
• Experience as a technical lead or manager of a team responsible for developing and integrating technical solutions for Cloud and Container security
• Possess strong technical security skills and comprehension of security and risk
• 3 ore more years' experience in Container, Cloud, SSDLC and Threat Modelling
• Deep understanding of OWASP Top 10 and CWE
• Deep understanding of web application design, container/cloud development, vulnerabilities, runtime, and architecture.
• Experience with developing and scripting in languages (Java, .NET, Python, C#, PowerShell, etc.)
• Experience in managing security testing tools like Prisma Compute, Prisma Cloud
• Managing and developing agile deployment methodologies/processes for Cloud and Containers
• Knowledge of MITRE ATT&CK and the cyber kill chain frameworks

• One or more relevant security certifications (LPT, OSCP, GWAPT, GWEB, GCIA, GSNA, GCSA, CISSP, CISM, CISA, CEH, GIAC, GPEN, GCED, Security +)
• Public Cloud Service Provider certifications, preferably for AWS and Azure at a minimum
• Bachelor's Degree or equivalent combination of experience