Job Description

Job description

The health and safety of our employees and candidates is very important to us. Due to the current situation related to the Novel Coronavirus (2019-nCoV), we're leveraging our digital capabilities to ensure we can continue to recruit top talent at the HSBC Group. As your application progresses, you may be asked to use one of our digital tools to help you through your recruitment journey. If so, one of our Resourcing colleagues will explain how our video-interviewing technology will be used throughout the recruitment process and will be on hand to answer any questions you might have.

Some careers shine brighter than others.

If you're looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

Department: -

Our Technology teams work closely with HSBC's global businesses to help design and build digital services that allow our millions of customers around the world; to bank quickly, simply and securely. We also run and manage our IT infrastructure, data-centres and core banking systems that power the world's leading international bank.

Our multi-disciplined Technology teams include amongst others: DevSecOps engineers, IT architects, front and back-end developers, infrastructure specialists, cybersecurity experts, and delivery, project and programme managers.

Following extensive investment across our Technology and Digital domains and with plans for continued expansion throughout 2021 and beyond, we are currently seeking a Global Head of Vulnerability Management to join the HSBC Cybersecurity team within Technology.

Brief overview of the business areas

Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity predominantly deliver this via objective, independent, professional and specialized subject matter experts. The role forms part of the first line of defence in relation to the risk management framework.

The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development (inc. DevSecOps), Threat and Controls Assessment (inc. threat modelling) and Third Party Security Assessment. The function drives the identification, capture, assessment, testing/verification and ultimately the remediation of security defects, gaps and vulnerabilities across HSBC's estate in conjunction with business and technology teams - on-premise, within the Cloud and for those resulting from third party engagements.

In this role, you will:

The role will report to the Development lead, working within an agile, DevSecOps environment. The role will be responsible for architecting, designing, developing, automating, deploying, and integrating tools within the global cybersecurity vulnerability management systems. The role will partner with the Secure Development team to design, create and evaluate solutions for day to day problems as well as working closely with Pen Testers and Application Security Engineering to integrate their tools and support the end-to-end secure deployment of security technologies across HSBC. Some travel may be required.

The role will be accountable for the following:

• Designing, developing, implementing, and supporting integration pieces for the various tools within the Vulnerability Management estate
• Implementing the agreed software system architecture
• Defining and implementing data structures, system designs and patterns
• Designing and implementing scalable web services, applications, and APIs
• Developing tools and scripts for reporting for operational teams across Cybersecurity
• Identifying bottlenecks and improving software efficiency
• Collaborating with the design team on the development of micro-services
• Troubleshooting and bug fixing
• Ensuring that issues raised in their area are solved and followed to conclusion
• Writing technical documents to support items that have been developed and delivered by the team.
• Proposing new technologies and techniques to quickly and comprehensively identify vulnerable infrastructure and platforms
• Collaborating with stakeholders at various levels across Cybersecurity and other IT teams, to develop solutions that protect HSBC
• Designing and driving the implementation of service offerings, capability uplifts, and process improvements to protect HSBC from a continuously changing threat landscape
• Acting as a coach and mentor for other team members

Requirements

To be successful in this role, you should meet the following requirements:

• Previous experience as a full stack engineer in an agile, DevSecOps environment
• 15+ years experience of back-end languages (e.g. Java, Python, .NET and PHP)
• 15+ years experience of Scripting Skills (e.g. Python, Perl and Bash)
• 15+ years experience of Debugging (e.g. stack traces, log files and other system outputs)
• 10+ years experience of SQL (e.g. MySQL, DB2, Oracle, MongoDB, PostgreSQL)
• 10+ years experience of front-end languages (e.g. HTML5, CSS, JavaScript, C++, and JQuery)
• 5+ years experience of Networking (e.g. TCP/IP, Subnetting, Firewalls, etc)
• 5+ years experience of System Administration (e.g. configuring /managing servers, Linux /Windows)
• 5+ years experience of Cloud Engineering (e.g. Alibaba, GCP, AWS, Azure)
• 5+ years experience of containers (e.g. Docker, Kubernetes)
• Knowledge of Vulnerability Scanning /Pen Testing /Red Teaming and associated scanning and consolidation products
• Knowledge of working with application security tools (e.g. SAST, DAST, MAST)
• Knowledge of Governance, Risk & Compliance processes
• Knowledge of Patch Management processes
• Automation and Orchestration driven mindset
• Good verbal and written communication skills
• Ability to work and lead in a fast paced, team focused environment with a proven track record of delivering and completing assigned tasks as an individual and as team
• Willingness to continuously learn and share learnings with others

Come Power a Business that Defines How to Power the World.

• As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation.
• We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies.
• As an HSBC employee, you will have access to tailored professional development opportunities and a competitive pay and benefits package.
• Personal data held by HSBC relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Candidate User Guide -

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued by - HSBC Software Development India