Some careers shine brighter than others.
If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.
Department - Wholesale IT
In this role, you will:
Key Responsibilities:
1. Proactive Vulnerability Identification
• Work with Central CyberSec teams and conduct regular and automated vulnerability scans across IT infrastructure (servers, endpoints, cloud, containers, and network devices) using tools like Nessus, Qualys, Tenable, or Rapid7.
• Perform manual validation of scan results to eliminate false positives and prioritize critical risks.
• Stay updated on zero-day vulnerabilities, CVEs, and threat intelligence to address emerging threats.
2. Risk Assessment & Prioritization
• Analyze vulnerabilities using CVSS scores, exploitability, and business context to determine risk levels.
• Collaborate with IT and DevOps teams to assess patch impact and remediation timelines.
• Maintain a risk-based vulnerability management (RBVM) approach to focus on high-impact issues.
3. Remediation & Patch Management
• Work with ITSOs/system owners and IT teams to track and enforce remediation of vulnerabilities within SLAs.
• Validate fixes through re-scanning and penetration testing where necessary.
• Develop compensating controls for vulnerabilities that cannot be immediately patched.
4. Compliance & Reporting
• Ensure adherence to security frameworks and compliance with group and value-stream-defined KCIs, controls and internal policies.
• Generate executive and technical reports (dashboards, metrics, trend analysis) for stakeholders and senior management.
• Support audits by providing evidence of vulnerability management processes.
5. Continuous Improvement
• Recommend improvements to scanning policies, schedules, and tool configurations.
• Conduct training sessions for teams on secure coding, patching, and risk awareness.
To be successful in this role, you should meet the following requirements:
• 10+ years of relevant IT experience, including exposure to Vulnerability Management, Risk & Controls / Cyber Security experience. Appropriate certification is a plus.
• 4+ years in vulnerability management, cybersecurity, or IT risk.
• Hands-on experience with VM tools (Qualys/Nessus/Tenable/OpenVAS) and patch management.
• Knowledge of CVSS, CVE, MITRE ATT&CK, and threat landscapes.
• Understanding of OS (Windows/Linux), cloud (AWS/Azure/GCP), and network security.
• Strong analytical skills to triage risks and communicate actionable insights.
• Understanding of IT infrastructure and application architecture, particularly in the banking domain.
• Proficient in using Excel, macros, JIRA, Confluence and PowerPoint.
• Strong grasp of tooling, driving automation within the environment.
• Excellent verbal and written communication skills.
• Must demonstrate collaboration, open communication and reaching across functional borders.
• Be flexible in working with a wide range of people across the globe with diverse cultural and professional backgrounds.
You’ll achieve more when you join HSBC.
HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
Issued by – HSBC Software Development India