GSC: Principal Security Researcher - 267254

Job Advert Details

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Your career opportunity

Offensive Security provides an independent challenge to HSBC’s cybersecurity posture by bringing the attacker’s mindset to find and exploit vulnerabilities and to simulate real-world attacks. Through this, OffSec discover weaknesses across people, process, and technology, enabling the Firm to better understand its exposure to cybersecurity attacks and to drive a proactive approach to protect itself and to manage risk more effectively.

The Security Research team, within the Global Cybersecurity Research and Offensive Security CROS function, provides a specialist approach to assessing the security of systems and technology, identifying previously unknown vulnerabilities and new attack techniques. Additionally, the Security Research team supports the wider CROS function by developing tools and automation of processes to enhance security assessment.

What you’ll do

• Deliver security research projects focused on HSBC critical services, ensuring that design, quality and implementation of controls do not expose the bank to a significant level of risk.
• Identify previously unknown vulnerabilities and new attack techniques.
• Work with key stakeholders to proactively drive the reduction in Cybersecurity risks and improve the security risk posture of HSBC within the business risk appetite.
• Provide subject matter expertise and guidance to a broad range of stakeholders across global business and functions.
• Engage with a diverse set of stakeholders to achieve CROS objectives, including Business and Functions, Cybersecurity leads, Head of Cybersecurity functions and Control Owners.
• Achieve excellence by driving performance, compliance and security.
• Engage with specialist technology functions such as, Cybersecurity Technology, Cybersecurity Operations and Security Architecture.
• Establish and maintain productive relationships across the bank in the client facing role.

What you need to have to succeed in this role

• Experience with leading highly sensitive projects, 0-day discovery and vulnerability disclosure
• Experience in the Cybersecurity, network security, embedded systems & hardware hacking.
• Understanding of analysis of mobile technologies, common operating system, such as Linux, Windows, Google Android and iOS.
• Demonstrable experience in tooling, automation and prototyping.
• Experience in source code review and penetration testing
• Previous exposure to black box software security review techniques, including ‘fuzzing’ and reverse engineering

What we offer

• Competitive salary
• Annual performance-based bonus
• Additional bonuses for recognition awards
• Multisport card
• Private medical care
• Life insurance
• One-time reimbursement of home office set-up (up to 800 PLN).
• Corporate parties & events
• CSR initiatives
• Nursery discounts
• Financial support with trainings and education
• Social fund
• Flexible working hours
• Free parking

If your CV meets our criteria, you should expect the following steps in the recruitment process:

• Online behavioural test (for external candidates only)
• Telephone screen (for external candidates only)
• Zoom interview with the hiring manager

We are looking to hire as soon as possible so don’t wait and apply now!

You'll achieve more when you join HSBC.

We thank all interested candidates for their applications. We reserve the right to contact only selected candidates.

In case you would like to resign from participation in recruitment process or withdraw previously sent to us application, please email us at: krakow.recruitment@hsbc.com