If you’re looking for a career where you can make a real impression, join Global Service Center (GSC) HSBC and discover how valued you’ll be. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.
We are currently seeking an experienced professional to join our team in the role of Pentester Senior.
Role Purpose:
This job role is responsible for providing subject matter expertise in Penetration Testing to support wider Cyber Security efforts and organization. The successful candidate will operate as part of a global/regional team within the Cybersecurity organization to provide expertise, oversight and assurance around security process, controls, standards, and regulatory requirements.
Main Activities:
- Key purpose of this position is to:
- Lead/perform and own the design and delivery of penetration tests across a variety of technologies.
- Work within virtual teams of security and technical specialists to ensure quality delivery of world-class security solutions to the business.
- Lead penetration tests designed to highlight and clearly articulate risk to the business, in terms the business can understand.
- Drive and lead penetration tests and resulting deliverables, to aid in ensuring that the Bank operates within defined risk appetite.
- Represent the Cybersecurity function as technical SME in internal and external discussions.
- Help drive the maturity of the Cybersecurity function by continuously improving the quality of our services and removing inefficiencies, in line with the wider Cybersecurity strategy.
- Ensure adherence to the three lines of defence organisational model, with clear lines of responsibility, accountability, and segregation of duties.
- Ensure compliance with internal audit and external regulators, to ensure that any organisational changes are fit for purpose and meet their expectations.
- Collaborate with relevant stakeholders to enhance the delivery of a Cybersecurity strategy to secure the bank’s technology, protecting and enhancing HSBC’s values, reputation, and stakeholder value.
- Provide supervision, guidance, and mentoring to less experienced members of the team.
A successful candidate will ensure the security of the company's custom applications and related implementations by identifying potential vulnerabilities and appropriate controls, guiding risk mitigation, and liaising directly with engineering and management teams, business owners, and global technical workgroups.
Principal Accountabilities:
- Perform highly technical/analytical security assessments of custom mobile applications, widely understood infrastructure and networks, web services and APIs. This covers manual penetration testing, source code and configuration review.
- Clearly and professionally document root cause and risk analysis of all findings.
- Adhere to the security testing process and raise any gaps or opportunities for improvement with your manager.
- Work closely with the DevOps teams to ensure that the security testing requirements are met and help automate repetitive tasks.
- Ability to comfortably hold a conversation on cyber security aspects with both technical and non-technical audiences.
- Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks.
- Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required.
- Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports.
- Experience with security testing frameworks such as OWASP MASVS, OWASP MSTG.
- Advise on vulnerability remediation, control implementation and secure development practices.
- Strong written and verbal communication skills in English language – used for all formal communication.
- Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications.
- Assist with tracking, remediation, and risk acceptance for identified security vulnerabilities.
- Assist in planning, test execution and vulnerability mitigation.
- Ensure that company security policies are implemented, enforced, and enhanced when appropriate.
- Participate in team discussions to formulate new or enhance existing processes and standards.
- Assist in security incident response activities.
- Adhere strictly to compliance and operational risk controls in accordance with company and regulatory standards, policies and practices, report control weaknesses, compliance breaches and operational loss events.
- Run evaluations of new security testing technologies and provide recommendations.
- Monitor security industry information sources and keep abreast of events, research, and developments.
- Identify opportunities to improve our processes, quality of the work and efficiencies.
Competencies:
- Problem Solution
- Communication
- Strong analytical skills
Due to the urgent hiring need, candidates with immediate right to work locally and no relocation need will be prioritised.
At HSBC we offer our colleagues a greater number of leave days so that they can fully enjoy their wedding, take care of the new member of the family, or grieve the loss of a family member. Our paid leave package is at the forefront in Mexico; now you have one more reason to be HSBC and proudly live a culture of well-being, balance, and care.
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working, and opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc. We consider all applications based on merit and suitability to the role.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
***Issued By HSBC Electronic Data Process Mexico Private LTD***