Associate IT Security Manager

Associate IT Security Manager

HSBC
3-6 years
Not Specified

Job Description


Job Description
Some careers have more impact than others.
If you're looking for a career where you can make a real impression, join HSBC and discover how valued you'll be.
HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.
We are currently seeking an experienced professional to join our team in the role of Senior Cybersecurity Test Consultant.
Business:Cybersecurity
Principal responsibilities
  • Perform highly technical/analytical security assessments of custom mobile applications, widely understood infrastructure and networks, web services and APIs. This covers manual penetration testing, source code and configuration review.
  • Clearly and professionally document root cause and risk analysis of all findings
  • Adhere to the security testing process and raise any gaps or opportunities for improvement with manager.
  • Work closely with the DevOps teams to ensure that the security testing requirements are met and help automate repetitive tasks.
  • Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks
  • Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required.
  • Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports.
  • Advise on vulnerability remediation, control implementation and secure development practices
  • Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications
  • Assist with tracking, remediation, and risk acceptance for identified security vulnerabilities.
  • Assist in planning, test execution and vulnerability mitigation
  • Ensure that company security policies are implemented, enforced, and enhanced when appropriate
  • Participate in team discussions to formulate new or enhance existing processes and standards
  • Assist in security incident response activities
  • Adhere strictly to compliance and operational risk controls in accordance with company and regulatory standards, policies and practices report control weaknesses, compliance breaches and operational loss events
  • Run evaluations of new security testing technologies and provide recommendations.
  • Monitor security industry information sources and keep abreast of events, research, and developments.
  • Identify opportunities to improve our processes, quality of the work and efficiencies.
  • Mentor junior team members
Qualifications
Knowledge & Experience / Qualifications
  • Strong written and verbal communication skills in English language - used for all formal communication.
  • Ability of critical thinking to form and clearly articulate identified issues and their consequences.
  • Ability to comfortably hold a conversation on cyber security aspects with both technical and non-technical audience.
  • Maintain a wide breadth of penetration testing and/or leadership management skills to a significant degree of depth.
  • Understand the business context/significance of technical pentest findings.
  • Consistently output superior quality of deliverables.
  • Poses an entrepreneurial attitude to excel in loosely defined scenarios.
  • Ability to work independently or lead any team of penetration testers.
  • Superior time management skills and self-discipline.
  • Be subject matter expert in at least 1 of pentest domains (i.e. infrastructure/apps/mobile).
  • Demonstrated ability to solve complex technical problems.

The ideal candidate for this position will have:
  • At least 3 years of prior demonstrable hands-on experience in penetration testing.
  • Solid understanding of the platform security models for iOS and Android platforms.
  • Excellent understanding of platform-specific security risks, common vulnerabilities for mobile applications, common risks in financial applications.
  • Practical knowledge of penetration testing of widely understood infrastructure, web and mobile technologies, using manual and automated testing methods.
  • Excellent TCP/IP knowledge and understanding of security implications/issues.
  • Strong web application testing experience.
  • Proven programming/scripting skills.
  • Ability to explain security functionality from first principles.
  • Ability to adapt and apply information to new scenarios and technologies.
  • Strong understanding of applied use of cryptography in application development.

Other/desired skills/characteristics:
  • Strong grasp of common technologies, protocols and architectures that are commonly used by mobile application. (HTML, XML, JavaScript, JSON, REST, Microservices etc.)
  • Strong understanding of software development lifecycles especially DevOps
  • Experience with dynamic and static application security testing and associated tools.
  • Experience with performing security code reviews for Java, Objective C, Swift and Kotlin programming languages
  • Strong initiative, consensus-building and ability to collaborate directly with a variety of clients (business, development, compliance, etc.)
  • Experience with mobile security testing frameworks such as OWASP MASVS, OWASP MSTG.
  • Knowledge of enterprise application design & common security issues associated with it.
  • Advanced knowledge of common security analysis tools and testing techniques especially for the mobile security space.
  • Hands-on experience with SAST, DAST, IAST tools and ways to supplement their limitations.
  • Knowledge of security verification of mechanisms & technologies such as SSL, Pinning, Biometric Authentication, Out of Band Authentication, JWT, SAML, RASP, Oauth2 etc.
  • Prior software programming and development experience especially of iOS & Android platforms is a plus.
  • Prior programming experience with Java, Kotlin, Objective C & Swift programming languages would be a plus.
  • Prior experience with security testing or secure application development for a large enterprise would be a plus.
  • Prior experience with cloud-hosted applications & services would be a plus.
  • Experience in reverse engineering or disassembly considered a plus.

HSBCVZ/GZ*
You'll achieve more when you join HSBC.
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.'
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
About HSBC Technology China
We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems. We develop and maintain systems for HSBC's global businesses, as well as support functions such as Finance, HR and Risk. We work across a range of technology platforms and development disciplines, from mainframe to mobile technologies.
Our team includes software engineers and developers, architects, testers, IT and business analysts, consultants and programme and project managers, as well as team leadership and management roles. We employ people in almost all the countries and territories in which HSBC operates. Two locations of HSBC Technology China, including Guangzhou and Xi'an, are world-class technology hubs with industrial delivery capability.

About HSBC

Job Source : hsbc.taleo.net

Similar Jobs

People Also Considered

Career Advice to Find Better

Simple body text this will replace with orginal content