VP, Security DevOps Lead, Microservices & Continuous Delivery, Group Technology
Posting Date: 09-Jun-2020
Location: Raffles Place, Singapore, SG
Company: United Overseas Bank Limited About UOB
United Overseas Bank Limited (UOB) is a leading bank in Asia with a global network of more than 500 branches and offices in 19 countries and territories in Asia Pacific, Europe and North America. In Asia, we operate through our head office in Singapore and banking subsidiaries in China, Indonesia, Malaysia and Thailand, as well as branches and offices.
Our history spans more than 80 years. Over this time, we have been guided by our values - Honorable, Enterprising, United and Committed. This means we always strive to do what is right, build for the future, work as one team and pursue long-term success. It is how we work, consistently, be it towards the company, our colleagues or our customers. About the Department
The Technology and Operations
function is comprised of five teams of specialists with distinct capabilities: business partnership, technology, operations, risk governance and planning support and services. We work closely together to harness the power of technology to support our physical and digital banking services and operations. This includes developing, centralising and standardising technology systems as well as banking operations in Singapore and overseas branches. Job Responsibilities
You will be responsible for setting up DevSecOps strategy, roadmap, security standards and security gates to enhance the security practices in the DevOps pipeline as a measure of shift left methodology. The successful candidate must be a technically savvy, dynamic leader, excellent communicator, have demonstrable technical hands-on supporting DevSecOps implementation, setting up DevSecOps tools coupled with excellent infrastructure knowledge and automation expertise.
As part of a cross-functional product development group, you should be comfortable working with highly talented teams ensuring that modern technology and process are utilised as part of the role considering security as the top most priority.
- Develop DevSecOps roadmap, strategy, standards, toolset, integration in partnership with Information Security team.
- Design, develop and roll out DevSecOps pipelines, controls, and security gates complying to shift left methodology.
- Demonstrate strong technical skills in security such as Static application security testing (SAST), Dynamic application security testing (DAST), Software composition analysis (SCA) and Penetration testing (PenTest).
- Integrate infrastructure pipelines, compliance pipelines and DevOps pipeline with DevSecOps pipeline.
- Conduct POCs, feature comparison and seamless integration with DevOps tools and DevSecOps tools to provide enhanced DevOps features.
- Coordinate with the stakeholders from requirements gathering until successful implementation DevOps/DevSecOps pipeline on boarding.
- Work with the vendors to setup centralized DevOps/DevSecOps solutions considering market best practice, Industry standard and ease of support.
- Configure SSO, SSL, Load Balancer, Auto Scaling and DNS setup for the DevOps Toolset with naming convention.
- Lead analysis and resolution of root cause for All DevOps/DevSecOps issues covering platform, infrastructure and tools.
Be a part of UOB Family
- Deep technical background in security aspects such as Static application security testing (SAST), Dynamic application security testing (DAST), software composition analysis (SCA) and Penetration testing (PenTest).
- Technically savvy in setting up security strategy, roadmap, standards, maturity levels and soft/hard gates as part of DevSecOps pipeline.
- Sound knowledge in integrating security testing as part of DevSecOps pipeline to ensure security is in-built during build phase.
- In-depth understanding in setting up DevSecOps pipeline as a centralized solution including empowering features to development, testing and security teams.
- Possess solid knowledge in identifying security threats pro-actively and implement detection and prevention methods as part of DevSecOps pipeline.
- Prior experience installing, configuring and supporting security tools such as Veracode, blackduck, coverity, sonatype, whitesource and xray.
- Sound knowledge on DevSecOps governance, Security standards and audit requirements for DevSecOps pipeline.
- Evidenced delivery of complex projects
- Security concepts and what makes for a secure solution
- Analyzing, documenting and validating security requirements
- Ability to advice on industry standard tools for monitoring, alerting, configuration management and performance tuning of security detection and testing
- Able to design and execute security strategy and roadmap
- Knowledge of AS400, mainframe beneficial
- Knowledge of best practices, market and Banking industry trends around infrastructure and Cloud to provide thought leadership and knowledge transfer
- Understanding of APIs, Microservices and Agile methodology
- Proven track record in developing technology strategy and vision
- Extensive background in working with business partners in areas of software development, APIs, integrations and service deployment.
- Ability to multitask and work in a fast-paced, collaborative team environment
- Excellent written and oral communication skills; writing, publishing and conference-level presentation skills
- Stays current with industry trends and leads development of key DevOps/DevSecOps, Runtime, and Operational innovation platforms.
Apply now and make a difference.