Job description
Some careers open more doors than others.
If you’re looking for a career that will unlock new opportunities, join HSBC and experience the possibilities. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
HSBC Digital Business Services is a pivotal part of the Group, providing essential operational and technical support to our global businesses and helping improve customer service and efficiency. Digital Business Services combines global expertise and technology to help keep us ahead of the competition.
We are currently seeking a high calibre professional to join our team as a Senior Red Teamer.
Principal Responsibilities
The Red Team, within the Global Cybersecurity Research & Offensive Security (CROS) function, conducts targeted assessments against critical areas of the Bank, designed to simulate real-world attacks; focusing on people, process and technology.
The role holder will be responsible for participating in the management of threat intelligence led Red Team engagements and supporting a team of highly skilled red teamers. Additionally, the role holder will be responsible for managing stakeholders (including regulators) to clearly scope Red Team engagements, define objectives and direct a delivery approach that minimizes operational risk.
This individual will support growth and engage with a diverse set of stakeholders in order to achieve CROS objectives, including Business and Functions, Cybersecurity leads, Head of Cybersecurity functions, Control Owners and Regulators.
The successful candidate will have a proven track record on delivering red team assessments. Additionally, the to be successful in this role the candidate should meet the following requirements:
- Team management, leadership and team building skills
- Experience leading highly sensitive projects
- Experience dealing with Red Team regulatory requirements such as:
- CBEST
- TIBER
- iCast
- CORIE
- AASE
- CBEST
- Exploit development
- Purple teaming
- Attack simulation
- Penetration testing
Requirements
- Education to degree level or above (Desirable) or relevant work experience
Experience / Skills
- English - Fluent written and spoken
- Proven written and verbal communication skills
- Strong team management, leadership and team building skills
- Ability to develop clear business impact and justification to drive investment in team capabilities
- Demonstrated experience running highly sensitive projects
- Demonstrated experience in meeting red team regulatory requirements
- Understanding of TLPT Frameworks such as CBEST, iCast, TIBER, CORIE, AASE
- Demonstrable experience in vulnerability identification and exploitation
- Participation in the Cyber Security industry.
- Knowledge of malware packing, obfuscation, persistence, exfiltration techniques
- Knowledge on bypassing security controls such as DLP, Endpoint Protection, Firewalls, IDS/IPS and Web Proxies
- Demonstrable experience in tooling, automation and prototyping
- Demonstrated experience in source code review
- Demonstrated experience in penetration testing
You’ll achieve more when you join HSBC.
HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
Issued by The Hongkong and Shanghai Banking Corporation Limited.