Purpose of the Role
To develop, implement and maintain solutions that support the safeguarding of the bank’s systems and sensitive information.
Accountabilities / Responsibilities
* Provision of subject matter expertise on security systems and engineering patterns.
* Development and implementation of protocols, algorithms, and software applications to protect sensitive data and systems.
* Management and protection of secrets, ensuring they are securely generated, stored, and used.
* Execution of audits to monitor, identify and assess vulnerabilities in the bank’s infrastructure/software and support the response to potential security breaches.
* Identification of advancements to support innovation and adoption of new cryptographic technologies and techniques.
* Collaboration across the bank, including developers and security teams, to ensure cryptographic solutions align with business objectives, security policies and regulatory requirements.
* Development, implementation and maintenance of Identity and Access Management solutions and systems.
* Building, deploying and maintaining DLP services and policies, driving service‑level incidents through to remediation, creating and maintaining high‑quality documentation, engaging with stakeholders to ensure requirements are prioritised and expectations are set, working with other DLP SMEs to ensure adequate service coverage across DLP tooling, evaluating and implementing technical changes and project deliverables, and engaging product vendors where necessary for incident investigation and product enhancements.
Expected Contributions / Leadership
For senior positions: define strategy, drive requirements, manage resources, budgets and policies, deliver continuous improvements, lead teams, influence operations, demonstrate leading behaviours (Listen, Energise, Align, Develop) and foster an environment for colleagues to thrive.
For individual contributors: serve as subject matter expert, guide technical direction, lead collaborative assignments, coach team members and advise stakeholders on risk mitigation and control strengthening.
Qualifications and Experience
* Experience with the software security landscape: CVEs, CWEs, common software vulnerability types; SAST, SCA, DAST.
* At least one programming language (eg Java, Go).
* Experience with at least one major cloud provider (AWS, GCP, Azure).
* REST API design.
* HTTP authentication.
* Linux terminal experience, including scripting and automation (shell, Python).
* Experience with CI/CD.
* Experience with GraphQL (highly valued).
Location
This role will be based out of the Knutsford or Glasgow campus.
#J-18808-Ljbffr