Job description
Some careers have more impact than others.
If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.
We are currently seeking an experienced professional to join our team in the role of Head of Crowd-sourced Security Testing
Business: Cybersecurity
Principal responsibilities
The Head of Crowd-sourced Testing leads Bug Bounty activities across HSBC, including the delivery of requirements under the Firm’s cybersecurity controls. They are responsible for ensuring engagement with “the crowd”, ensuring information about all applicable services is available to security researchers, triaging, managing, and communicating findings to internal technology teams, and identifying thematic issues and driving targeted engagement across these areas.
The role includes, but is not limited to:
• Accountable for the delivery of the Bug Bounty to meet the requirements of HSBC’s cybersecurity controls, auditors, and global regulators.
• Responsible for ensuring the crowd is leveraged with well scoped with clearly defined objectives, and delivered on time through an approach that scales and minimises operational risk.
• Responsible for identifying thematic findings in line with threat actor techniques and procedures, and the shifting technology landscape within HSBC, and driving the crowd to target these areas.
• Accountable for the delivery of the change and continuous uplift across crowd-sourced testing.
• Global Control Operator for Crowd-sourced Security Testing under VIAO.3 (Offensive Security) control and protecting the bank’s technology, information, and customers.
• Leadership of a small team to manage operation of the Bug Bounty.
Requirements
Knowledge & Experience / Qualifications
• Proven experience in identifying and communicating security vulnerabilities across Web, APIs, Infrastructure, and Mobile (e.g., penetration testing).
• Experience in identifying vulnerabilities by leveraging “the crowd” (e.g., Bug Bounty)
• Experience working in highly sensitive projects and a highly regulated environment.
• Excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
• Excellent understanding of cybersecurity principles, global financial services business models, regional regulations and applicable laws.
• Formal education and advanced degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same.
HSBCVZ/GZ*
About HSBC Technology China
We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems.
You’ll achieve more when you join HSBC.
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.”
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
***Issued By HSBC Software Development (GuangDong) Limited***