HSBC Group

If you are a UK or CIIOM based employee, please apply using the following link which will take you to our new Recruitment System:    https://performancemanager.successfactors.eu/sf/jobreqpvt?jobId=6568&company=hsbcholdin&st=D704C9BC178D3328DB8AC73039EFF7B620889525

If you’re looking to take an exciting new direction with your HSBC career, an internal move can open the door to many opportunities, allowing you to take on a new challenge, and develop your skills. Bring your knowledge of our brand to a new role and grow yourself further.   
 
We are currently seeking an experienced professional to join our team in the role of Principal Security Researcher.
 
The Security Research team, within the Global Offensive Security function, provides a specialist approach to assessing the security of systems and technology, identifying previously unknown vulnerabilities and new attack techniques.
 
A move across the business allows you to continue to access tailored professional development opportunities, and our fantastic benefits packages.
 
In this role you will:
 
•    Deliver security research projects focused on HSBC critical services, ensuring that design, quality and implementation of controls do not expose the bank to a significant level of risk.
•    Identify previously unknown vulnerabilities and new attack techniques.
•    Work with key stakeholders to proactively drive the reduction in Cybersecurity risks and improve the security risk posture of HSBC within the business risk appetite.
•    Provide subject matter expertise and guidance to a broad range of stakeholders across global business and functions.
•    Engage with relevant programmes that are critical to the bank.
•    Understand the financial services industry security and threat landscape.
•    Engage with a diverse set of stakeholders to achieve OffSec objectives, including Business and Functions, Cybersecurity leads, Head of Cybersecurity functions and Control Owners.
•    Achieve excellence by driving performance, compliance and security.
•    Develop tools and automation of processes to enhance security assessment. 
•    Present strong teamwork attitude with the global OffSec as well as all Global Businesses and Functions.
•    Establish and maintain productive relationships across the bank in the client facing role.
•    Identify new project opportunities and demonstrate innovative thinking.
•    Analyse and interpret the evolving security threat landscape.
•    Use innovation in security to address the needs of customers and stakeholders.

To be successful in this role you should meet the following requirements:
 
•    Demonstrated experience in penetration testing
•    0-day discovery and vulnerability disclosure experience
•    Understanding of analysis of common operating system, such as Linux, Windows, Google Android and iOS.
•    Demonstrated experience in third party vulnerability disclosure
•    Demonstrated experience in black box software security review techniques, including ‘fuzzing’ and reverse engineering
•    Leadership skills and the ability to manage stakeholders and staff.
 
This role is based in Sheffield.
 
Being open to different points of view is important for our business and the communities we serve. At HSBC, we’re dedicated to creating diverse and inclusive workplaces - no matter their gender, ethnicity, disability, religion, sexual orientation, or age.

We are committed to removing barriers and ensuring careers at HSBC are inclusive and accessible for everyone to be at their best. We take pride in being a Disability Confident Leader and will offer an interview to people with disabilities, long term conditions or neurodivergent candidates who meet the minimum criteria for the role.
 
If you have a need that requires accommodations or changes during the recruitment process, please get in touch with our Recruitment Helpdesk:
Email: hsbc.recruitment@hsbc.com
Telephone: +44 207 832 8500

You can find out more about the recruitment journey and what to expect by viewing our Recruitment Process FAQs in HR Direct and by clicking here (only available via internal access).