Cyber Security Analyst

The Container Security Engineer will be a key part of the Secure Development team, reporting to the Global Head of Container Security and Compliance. They will, closely collaborate with peers across Cybersecurity and the business development teams to enable the rapid build of secure technology products and services, thereby reducing the risk to HSBC by enabling early identification and remediation of security vulnerabilities., * Contributing to the container security program objectives, implementing solutions, defining standards and best practice to continually advance a secure enterprise container adoption program.

• Providing expert guidance and hands on advice on container security to security control owners, including input to control documentation and metrics.
• Partnering with key stakeholders; engineering application teams, Container Security Architecture team, SDLC Federated Control Owners, Enterprise Risk Management (ERM), CCO Technology, Cybersecurity Risk & Control Strategy and Cybersecurity Business Engagement.
• Partnering with Information Technology Service Owners to integrate container security tools into their containers lifecycle to give them early insight into potential issue that would impact 'go live'.
• Defining and implementing observability requirements to enable timely identification of high-risk breaks, drifts, vulnerabilities.
• Conducting security assessments of strategic and preferred containers platforms/workloads by leveraging observability provided by control operators e.g. image build process, orchestration, and deployment pipeline.
• Providing input to the Security Operation Center (SOC) and Incident management team as necessary in responding to security incidents within containers platforms.
• Ensuring containers ecosystem comply with relevant industry regulations and standards (e.g. PCI-DSS, NIST, CIS).
• Support continuous capabilities assessments by setting up containers environments for assessing new security tools functionality and onboarding requirements.

Do you have experience in Terraform?, * Experience of working with containers (Kubernetes/ other container orchestration; AWS, GCP, Azure, AliCloud).

• Experience of working on cloud platforms e.g. deploying cloud workloads and infrastructure.
• Experience in automation script e.g. Terraform, cloud formation, helm charts etc.
• Experience on integration & automation of various security technologies especially container security tools (e.g. scanners, CNAPP, etc.) within DevOps tooling pipeline (Jenkins, GitHub, Chef, Ansible, Nexus, etc).
• Experience in a major programming language such as Python or Java, and associated tooling (Git, Maven, IDEs, Jenkins, Github etc.)
• Experience of security fundamentals with relation to a k8s platform and DevSecOps
• Highly motivated self-starter with excellent interpersonal and problem-solving skillsStrong oral and written communication skills