Job Title: Global Container Security Product Technical Owner
Big Bank Funding. FinTech Thinking.
Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world, to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.
Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.
Role Description:
The Global Container Security Product Technical Owner will be a key part of the Secure Development team, reporting to the Global Head of Cyber Threat & Controls Assessment and Secure Development. They will, closely collaborate with peers across Cybersecurity and the business development teams to enable the rapid build of secure technology products and services, thereby reducing the risk to HSBC by enabling early identification and remediation of security vulnerabilities.
Responsibilities:
- Technical Product Ownership and Service management for Container security scanning capabilities, as utilised in the SecDevOps lifecycle.
- Defining and driving scanning product vision, strategy/ road map and metrics; balancing requirements around usability, productivity, security and scale to create optimal experiences for engineering application teams.
- Performing continuous capability assessment and driving improvements of the security scanning product efficacy, coverage, quality, false-positive ratio, service processes and procedures.
- Defining and maintaining scanning tool configuration, ruleset and policy and revising as required to minimise false positive ratio.
- Leading and executing the creation, review and maintenance of security scanning quality assurance approach and related documentation.
- Expanding the coverage of security scanning across different container platforms
- Looking at the full end to end lifecycle of a container and ensuring security assurance across the full workflow
- Looking at cloud native solutions and ensuring coverage of cloud with container security scanning
- Planning and executing project roadmaps to; enhance functionality and/or remediate identified security scanning product gaps.