|Job Type:||Full Time|
Vaultex are a joint venture between Barclays Bank and HSBC. We are doing well and are the UK’s leading cash processing company, processing around £160 billion bank notes and coins per year on behalf of our shareholders and their customers. The note inflow we process, if laid end-to-end, would stretch to the moon and back!
The IT department have completed a transformation moving away from the traditional delivery methods with the establishment of Agile teams and utilising the latest Agile Delivery and Development techniques.
The team is focused on building the next generation of cash processing and cash management solutions, and leveraging technology innovation to change the way we do business. This is an exciting journey and we are seeking to recruit people who are excited by the prospect of transforming businesses through use of technology!
The role supports the Head of IT Security in ensuring that Vaultex IT development and cloud services are delivered in a manner which supports the confidentiality, integrity and availability of systems and data, whilst complying with good practice principles, regulatory requirements and the shareholders’ requirements.
The Cloud Security Specialist performs monitoring of cloud service usage, compliance with cloud security policies, offers specialist support and guidance to the development cells and carries out technical assessments of the cloud environment. The role will be responsible for supporting the build and/or evaluation of various cloud based services.
The role will work with Application Development, Operations, and other stakeholders to ensure a consistent approach to cloud services.
The role also requires travel to the various Vaultex sites, to liaise with user departments in both the admin offices and the centres.
- Design and development of the cloud security control infrastructure.
- Cloud Security Risk Assessments
- Ensure appropriate security tooling is implemented, and that security policies and control are in place.
- Serve as a technical resource with cross-functional teams advising and assisting with the design and implementation of cloud/cloud-security.
- Perform proactive monitoring of cloud services.
- Measure compliance with IT security policies and maintain industry leading security standards across the whole IT estate.
- Perform security assessments including vulnerability and application testing across all cloud based services.
- Liaise with business functions and stakeholders with an emphasis on clear communication both internally and externally, and maintenance of metrics / scorecards for security performance.
- Drive & Support the ongoing Security Awareness Programme, promoting awareness of applicable polices and standards, and drive the co-ordination of remediation activities.
- Act as a central contact point for cloud security audit related activity
- Provide second / third level support on IT Security incidents
- Provide guidance and support to development cells ensuring that new and existing services are developed in line with a secure code mentality and best practise.
- Drive the embedding of security within the continuous integration/improvement pipeline and support Agile/DevOps execution in a secure manner.
- Maintain an ongoing assessment of emerging cloud threats and vulnerabilities recommending enhancements/improvements/innovation where necessary.
- Support the technology architecture function in the development of security patterns.
- Support the implementation and maintenance of the develop security standards and coding guidelines.
- Strong IT Security knowledge
- Background in cloud computing, certification in Azure & Azure DevOps technologies is desirable.
- Understanding of IT risks, controls and mitigation techniques
- Communication (Written, verbal and inter-personal)
- Expertise with vulnerability scanning techniques
- Experience in designing cloud security monitoring solutions.
- Excellent attention to detail
- Good knowledge of ITIL processes
- Understanding of Agile and DevOps methodologies.
- Vulnerability detection and remediation.
- Stakeholder management.
- Experience with development teams and embedding of security tooling within.
- Good problem solver and willing to work at a low level of detail where required.
- Ability to carefully gather and analyze information, and pinpoint issues in complex information
IT Security policy framework
- Ensuring that policies are kept up to date in line with business requirements.
- Thorough understanding of key systems
- Security design testing in accordance with the OWASP security testing methodology
IT Security risks
- Threat identification and remediation including penetration testing (all new Infrastructure/applications, adhoc + annual tests) and vulnerability remediation. Logical Access Management – ensuring that a least privilege approach is in place and verified
- Ensuring the IT Security queries are responded to with precise information
- IT Security awareness – ensuring that the functions of the programme are carried out consistently.
- Configuration, Patch, and Vulnerability Management – ensuring the implementation and delivery of the controls across the environment.
We are a living wage employer with Investors in People Gold Status and have a great range of benefits including:
– Career Development Opportunities and structured training/on-boarding.
– A generous company pension (employees auto enrolled onto the scheme at 4% with 10% employer contribution)
– 25 days holiday with an option to buy additional holidays
– A performance based bonus scheme paying up to 20% of salary annually.
– Group life assurance
– VaultXtra – discounts on various retailers, cycle to work scheme, childcare vouchers, Gym Flex Membership, Cash-back on purchases, reloadable cards to spend in store and eye tests.
– Employee Assistance Programme – a free and independent service should our employees require professional, confidential and impartial advice for legal advice and counselling.
– Competitive salaries and regular pay reviews.
Vaultex UK Ltd is an equal opportunities employer and welcomes applications from all member of the community. Please note that due to the secure nature of our business all successful candidates will need to provide a five year traceable work history (satisfactory employment references or evidence to explain employment gaps), and complete a criminal record and credit background check.