Cloud Attack Surface Reduction Manager
| Posting date: | 02 July 2025 |
|---|---|
| Hours: | Full time |
| Closing date: | 01 August 2025 |
| Location: | London, EC2M 4AA |
| Company: | NatWest Group |
| Job type: | Permanent |
| Job reference: | R-00259684-OTHLOC-GBR-5FLON311 |
Summary
Join us as a Cloud Attack Surface Reduction Manager
- Take on a new challenge and use your specialist knowledge to support the wider bank in building and operating secure Cloud services that protect both colleagues and customers
- You’ll act as a subject matter expert in a Cloud security related field, building security early into design and supporting the continuous development of a sustainable, robust Cloud vulnerability management programme
- You’ll be joining an exciting and fast-paced area of the bank, where you can expect great exposure both for you and your work
What you'll do
As a Cloud Attack Surface Reduction Manager, you’ll work at a domain level to understand and ensure robust security is continuously considered and incorporated at every stage, programme increment and feature team delivery throughout the development lifecycle and through to support.
You’ll collaborate with feature teams across the bank and participate in story refinement, sprint planning and retrospective sessions, establishing a culture of innovation and strategic thinking that makes sure that the bank has knowledge of, and opportunities to exploit, the latest developments in your area of specialism.
You’ll also be:
- Making sure that decisions made are based on robust data, return on investment and value measures that demonstrate thoughtful and intelligent cost management
- Encouraging the identification of ideas and driving the delivery of initiatives that will reduce cost and simplify the bank
- Building and leveraging relationships with colleagues across the bank and third parties to make sure decisions made are commercially focused and create long term value for the bank
The skills you'll need
You’ll need experience and knowledge of Cloud technologies and Cloud security controls and best practices, alongside an understanding of Agile methodologies with experience of working in an Agile team.
You’ll also demonstrate:
- The ability to write technical issues in business terms
- Analytical and problem solving skills
- Knowledge and experience of the legal and regulatory environment
- Knowledge and experience using native Cloud security tools in a large organisation setting, with a particular focus on AWS Inspector and AWS Security Hub
- Knowledge and experience of Microsoft Defender for Cloud and Google Security Command Centre would also be beneficial
- Knowledge and experience of Platform as a Service (PaaS) and Containers as a Service (CaaS) cloud service models