SMA Lead - Automation Engineer

Standard Chartered
Bengaluru / Bangalore India
10-50 years
Not Specified

Job Description

About Standard Chartered 
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

  • Cyber Security Services (CSS) is a critical function within Standard Chartered Bank operating under the overall purview of Technology Services.
  • The CSS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products in order to maintain and continuously improve Bank’s cyber security posture in today’s ever evolving cyber security landscape.
  • The CSS team protects the Bank from cyber security threats by delivering effective information security technology services, managing and responding to security incidents to ensure and support the continuity and growth of the Bank's business operations, and meeting both internal and external stakeholders' expectations across the 70+ countries and territories in which SCB operates.
  • This role is within the Security Monitoring & Analytics service line and supports the Cyber Defence Centre (CDC) to identify, develop, and implement threat use cases. The candidate will work closely with the Cyber Defence Centre (CDC) and Cyber Threat Use Case Manager to drive and continuously enhance threat use cases and mature the Alerting and Detection strategy across the bank.

  • Support the delivery and contribute to maturing the Security Monitoring and Analytics automation strategy.
  • Lead development activities as part of the SOAR project, ensuring they are delivered on time and according to requirements.
  • Work closely with CSS service lines to identify, document, and implement use case requirements and playbooks for automation initiatives.
  • Responsible for the architectural design of orchestration capabilities within the Security Monitoring and Analytics service, in conjunction with the respective service managers across service lines. Ensures all design patterns are appropriately documented and maintained in the corresponding repositories, and that these reflect both the current implementation and the intended target view.
  • Responsible for the strategic evolution of the orchestration and automation capabilities within Security Monitoring and Analytics, in alignment with changing business needs, the threat landscape and technical requirements, to increase the quality of the selected solutions across the identify, protect, detect, respond & recover domains.
  • Develop fast, scalable and secure web based tools with modern web development techniques where process automation requires it keeping user experience in mind.
  • Build Web based tools using ReactJs wherever process automation requires user inputs.
  • Build API integration for data enrichment across internal (e.g., CMDB, Active Directory) and external (e.g., VirusTotal, DomainTools) data sources.
  • Build Web based Tools integration for data enrichment across internal (e.g., CMDB, Active Directory) and external (e.g., VirusTotal, DomainTools) data sources.
  • Automate analysis, security testing, vulnerability discovery, threat intelligence gathering and the consumption of threat feeds to track adversaries.
  • Leverage REST calls to various APIs for data enrichment and to contextualize security alerts across internal (e.g., CMDB, Active Directory) and external (e.g., VirusTotal, DomainTools) data sources.
  • Document mapping and architecture between various integration points, document playbooks and actions they perform.
  • Develop new and enhance existing Phantom playbooks in Python.
  • Work closely with SIEM Content Engineering service to ensure close alignment in the alerting and orchestration.
  • Work closely with service architect to map integrations and dependencies across security tools (e.g., Splunk, Tanium, Anomali), JIRA, and APIs.
  • Conduct training sessions on new playbooks and integration with operations personnel.
  • Ensure proper documentation is created and maintained for playbooks, integrations, and interfaces.
  • Run daily agile sessions, sprint planning, and demos in the absence of product / program manager.
  • Support the Cyber Threat Use Case Manager, Cyber Defence Analysts, and Threat Intel Analysts in designing and implementing threat use cases.
  • Develop and gather requirements for threat use cases to detect adversary behaviours.
  • Maintain the threat use case library to ensure use cases are properly enriched, mapped to MITRE ATT&CK, and operating correctly.
  • Work closely with Threat Intelligence, Cyber Defence Center, and business stakeholders to identify potential threat scenarios and translate them into threat use cases.
  • Work closely with other service lines to continuously enhance threat use cases as new products, logs, and capabilities are introduced to the organization.
  • Identify and improve orchestration, data enrichment and triage capabilities through SOAR platform.

  • Cyber Defence Centre (CDC)
  • Threat Intelligence
  • Other CSS / STS Teams
  • Business Stakeholders

Our Ideal Candidate:
  • Minimum 10 years' experience in full stack web development, with a preference for Python.
  • Proficiency in Python Frameworks like Flask or Django.
  • Strong UI Development Skills with CSS, HTML5, Javascript and UI Frameworks like ReactJS/AngularJS.
  • Proficiency in working with one or more of the following components: RabbitMQ, Redis, Elasticsearch / Splunk, PostgreSQL/MySQL, Nginx, Kong API Gateway.
  • Experience with developing in Cloud Native Environments like Kubernetes / Openshift.
  • Experience with OAuth2, OpenID and related authentication technologies used in securing web applications.
  • Good understanding of security technologies that support security operations (e.g., SIEM, Threat Intelligence Platform, Malware Analysis, Endpoint Detection and Response Solutions)
  • Experience with SOAR platforms (e.g. Phantom, Demisto, Resilient) - Preferred.
  • Experience with Splunk and strong understanding of Splunk SPL - Preferred.
  • Understanding of Cloud Services (AWS / Google / Azure).
  • Understanding of Machine Learning Concepts.
  • Must be motivated, independent and self-sufficient. Able to receive an assigned task and see it through to completion with minimal supervision.
  • Excellent communication skills - oral, written and presentation; technical report writing for various types of target audiences.
  • Strong sense of personal ownership and responsibility in accomplishing the service line and function goals.
  • Able to get things done in a fast-paced environment. Be transparent and open around what doesn’t work and what does.
  • Excellent organisational and leadership skills (successfully led and managed end-to-end technology services and/or technology operations), with the ability to manage multiple deadlines and effectively prioritise.
  • Experience of developing an effective stakeholder strategy, influencing relevant stakeholders and decision makers, and executing decisions efficiently and consistently. 

Apply now to join the Bank for those with big career ambitions. 
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.