VP, Senior DevSecOps Engineer, Architecture & Engineering, Group Technology

Employer
United Overseas Bank
Location
Singapore, Singapore
Salary
Competitive
Posted
15 Nov 2022
Closes
28 Nov 2022
Ref
17761438
Job Function
Other
Industry Sector
Finance - General
Employment Type
Full Time
Education
Bachelors
VP, Senior DevSecOps Engineer, Architecture & Engineering, Group Technology

Posting Date: 11-Nov-2022

Location: Singapore (City Area), Singapore, Singapore, 048624

Company: United Overseas Bank Ltd

About UOB
United Overseas Bank Limited (UOB) is a leading bank in Asia with a global network of more than 500 branches and offices in 19 countries and territories in Asia Pacific, Europe and North America. In Asia, we operate through our head office in Singapore and banking subsidiaries in China, Indonesia, Malaysia and Thailand, as well as branches and offices. Our history spans more than 80 years. Over this time, we have been guided by our values - Honorable, Enterprising, United and Committed. This means we always strive to do what is right, build for the future, work as one team and pursue long-term success. It is how we work, consistently, be it towards the company, our colleagues or our customers.

About the Department
Group Technology and Operations (GTO) provides software and system development, information technology support services and banking operations.
We have centralized and standardized the technology components into Singapore, creating a global footprint which can be utilized for supporting our regional subsidiaries and the branches around the world. We operate and support 19 countries with this architecture to provide a secure and flexible banking infrastructure.
Our Operations divisions provide transactional customer services for our businesses while also focusing on cost efficiency through process improvements, automation and straight through processing.

Job Responsibilities
You will be responsible for setting up DevSecOps strategy, roadmap, security standards and security gates to enhance the security practices in the DevOps pipeline as a measure of shift left methodology. The successful candidate must be a technically-savvy, dynamic leader, excellent communicator, have demonstrable technical hands-on supporting DevSecOps implementation, setting up DevSecOps tools coupled with excellent infrastructure knowledge and automation expertise.
As part of a cross-functional product development group, you should be comfortable working with highly-talented teams ensuring that modern technology and processes are utilised as part of the role considering security as the topmost priority.
  • Develop DevSecOps roadmap, strategy, standards, toolset, integration in partnership with Information Security team.
  • Design, develop and roll out DevSecOps pipelines, controls, and security gates complying to shift left methodology.
  • Demonstrate strong technical skills in security such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA) and Penetration Testing (PenTest).
  • Integrate infrastructure pipelines, compliance pipelines and DevOps pipeline with DevSecOps pipeline.
  • Coordinate with the stakeholders from requirements gathering until successful implementation DevOps/DevSecOps pipeline onboarding.
  • Work with the vendors to set up centralized DevOps / DevSecOps solutions considering market best practice, Industry standard and ease of support.
  • Lead analysis and resolution of root cause for All DevOps / DevSecOps issues covering platform, infrastructure and tools.
  • Stay current with industry trends and lead development of key DevOps / DevSecOps, Runtime, and Operational innovation platforms.
  • Conduct POCs, feature comparison and seamless integration with DevOps tools and DevSecOps tools to provide enhanced DevOps features.
  • Conducting design reviews and challenging existing thinking


Job Requirements
Must-haves:
  • Hands-on knowledge and technical background in continuous security techniques and framework such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA).
  • Hands-on technical experience in setup, manage and supporting CI/CD toolset (BitBucket, Jenkins, Artifactory, xRay, SonarQube, Veracode, JIRA and Confluence - but not limited to).
  • Prior working experience installing, configuring, integrating, upgrading and patching CI/CD tools
  • Hands on to script and code Jenkins pipelines (build, scan, test, deploy) in a centralized framework.
  • In-depth knowledge of automation accomplished with advanced Python, Chef, Ruby, Ansible and PowerShell
  • Sound knowledge in integrating security testing as part of DevSecOps pipeline to ensure security is in-built during build phase.
  • Technically savvy in setting up security strategy, roadmap, standards, maturity levels and soft/hard gates as part of DevSecOps pipeline.
  • Sound knowledge on DevOps governance, security standards and audit requirements.
  • Prior experience in setting up Traditional, Container and Cloud DevOps pipeline for monolithic, container and cloud applications.
  • Prior hands-on experience in continuous testing, techniques and tools (JUnit, Selenium, Tosca, Load runner, Performance Testing etc)
  • Possess solid knowledge in identifying security threats pro-actively and implement detection and prevention methods as part of DevSecOps pipeline.
  • Ability to multitask and work in a fast-paced, collaborative team environment
  • Excellent written and oral communication skills; writing, publishing and conference-level presentation skills

Good-to-haves:
  • Build relationships, obtain buy-in for proposed changes
  • Evidenced delivery of complex projects
  • Security concepts and what makes for a secure solution
  • Analyzing, documenting and validating security requirements
  • Ability to advice on industry standard tools for monitoring, alerting, configuration management and performance tuning of security detection and testing
  • Able to design and execute security strategy and roadmap
  • Knowledge of AS400, Mainframe is beneficial
  • Comfortable working in a challenging environment

Nice-to-haves:
  • Knowledge of best practices, market and Banking industry trends around infrastructure and Cloud to provide thought leadership and knowledge transfer
  • Understanding of APIs, Microservices and Agile methodology
  • Proven track record in developing technology strategy and vision
  • Extensive background in working with business partners in areas of software development, APIs, integrations and service deployment.
  • Self-directed and comfortable working in ambiguous environments
  • Experience working in a highly matrixed organization
  • Demonstration of strong influencing skills


Be a part of UOB Family
  • You need to sign in to save