Principal Penetration Tester/Lead Consulant Specialist

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

We are currently seeking an experienced professional to join our team in the role of Lead Consultant Specialist

In this role, you will:

• Perform highly technical/analytical security assessments of custom mobile applications, widely understood infrastructure and networks, web services and APIs. This covers manual penetration testing, source code and configuration review.
• Clearly and professionally document root cause and risk analysis of all findings
• Adhere to the security testing process and raise any gaps or opportunities for improvement with manager.
• Work closely with the DevOps teams to ensure that the security testing requirements are met and help automate repetitive tasks.
• Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks
• Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required.
• Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports.
• Advise on vulnerability remediation, control implementation and secure development practices
• Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications
• Assist with tracking, remediation, and risk acceptance for identified security vulnerabilities.
• Assist in planning, test execution and vulnerability mitigation
• Ensure that company security policies are implemented, enforced, and enhanced when appropriate
• Participate in team discussions to formulate new or enhance existing processes and standards
• Assist in security incident response activities
• Adhere strictly to compliance and operational risk controls in accordance with company and regulatory standards, policies and practices; report control weaknesses, compliance breaches and operational loss events
• Run evaluations of new security testing technologies and provide recommendations.
• Monitor security industry information sources and keep abreast of events, research, and developments.
• Identify opportunities to improve our processes, quality of the work and efficiencies.
• Mentor junior team members
• Other responsibilities as assigned