Cloud Attack Surface Reduction Manager

Job title: Cloud Attack Surface Reduction Manager

Company: NatWest Group


Job description: Join us as a Cloud Attack Surface Reduction Manager

• Take on a new challenge and use your specialist knowledge to support the wider bank in building and operating secure Cloud services that protect both colleagues and customers
• You’ll act as a subject matter expert in a Cloud security related field, building security early into design and supporting the continuous development of a sustainable, robust Cloud vulnerability management programme
• You’ll be joining an exciting and fast-paced area of the bank, where you can expect great exposure both for you and your work

What you’ll doAs a Cloud Attack Surface Reduction Manager, you’ll work at a domain level to understand and ensure robust security is continuously considered and incorporated at every stage, programme increment and feature team delivery throughout the development lifecycle and through to support.You’ll collaborate with feature teams across the bank and participate in story refinement, sprint planning and retrospective sessions, establishing a culture of innovation and strategic thinking that makes sure that the bank has knowledge of, and opportunities to exploit, the latest developments in your area of specialism.You’ll also be:

• Making sure that decisions made are based on robust data, return on investment and value measures that demonstrate thoughtful and intelligent cost management
• Encouraging the identification of ideas and driving the delivery of initiatives that will reduce cost and simplify the bank
• Building and leveraging relationships with colleagues across the bank and third parties to make sure decisions made are commercially focused and create long term value for the bank

The skills you’ll needYou’ll need experience and knowledge of Cloud technologies and Cloud security controls and best practices, alongside an understanding of Agile methodologies with experience of working in an Agile team.You’ll also demonstrate:

• The ability to write technical issues in business terms
• Analytical and problem solving skills
• Knowledge and experience of the legal and regulatory environment
• Knowledge and experience using native Cloud security tools in a large organisation setting, with a particular focus on AWS Inspector and AWS Security Hub
• Knowledge and experience of Microsoft Defender for Cloud and Google Security Command Centre would also be beneficial
• Knowledge and experience of Platform as a Service (PaaS) and Containers as a Service (CaaS) cloud service models

Hours 35Job Posting Closing Date: 08/07/2025Ways of Working:Remote First

Expected salary:

Location: Edinburgh

Job date: Thu, 03 Jul 2025 07:36:52 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (jobsnear.pro) you saw this job posting.Thanks&Good Luck