Security Assessment Automation Specialist (VP)
Sumitomo Mitsui Finance Dublin Limited (SMFD) is a wholly owned subsidiary of SMBC and is growing rapidly as a Centre of Excellence for the bank’s universal banking business across EMEA. It provides a range of technology and operational support services, aligned to SMBC’s growth, innovation, and transformation strategies.
What You'll Do
* Automated Security Pipelines – Design and implement enterprise‑grade security assessment pipelines integrating SAST, DAST, IAST, and SCA tools into CI/CD workflows.
* Infrastructure as Code Security – Integrate security testing into IaC workflows (Terraform, CloudFormation), ensuring security by design in automated deployments.
* Hybrid Environment Coverage – Support cloud‑native (Azure, GCP) and on‑prem infrastructure with tailored assessment strategies.
* Ephemeral & Traditional Infrastructure – Implement pre‑deployment validation for immutable resources and architect scanning solutions for long‑lived assets using network and agent‑based tools.
* Policy‑as‑Code Governance – Establish frameworks for automated enforcement of security baselines and compliance requirements.
* Shift‑Left Security – Collaborate with DevOps and platform teams to embed security early in the software delivery process.
* Tooling & Innovation – Continuously evaluate emerging security tools and techniques, ensuring alignment with evolving threats and technologies.
* Security Architecture Guidance – Provide governance, secure design patterns, and best practices for security automation.
What You'll Bring
* Strong knowledge of CI/CD security integrations and DevSecOps principles.
* Proficiency in security assessment tools (SAST, DAST, IAST, SCA) and pipeline automation.
* Expertise in CI/CD security, DevSecOps, and automation of security assessments.
* Hands‑on with Infrastructure as Code security (Terraform, CloudFormation) and Policy‑as‑Code (Azure Policy, OPA).
* Experience securing hybrid/multi‑cloud (Azure, GCP) and on‑prem environments.
* Strong knowledge of security frameworks (NIST CSF, ISO 27001/2, CIS) and secure design principles.
* Skilled in threat modelling, Zero Trust, Least Privilege, and Network Segmentation.
* Familiar with SSDLC, governance, risk, compliance, and secure coding practices.
* Understanding of architectural patterns (Multi‑Tier, Microservices, Event‑Driven) and frameworks (TOGAF, SABSA).
* Right to work in Ireland and willing to work on site in Dublin (hybrid working model).
Seniority Level: Mid‑Senior Level | Employment Type: Full‑time