Some careers have more impact than others.
If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.
We are currently seeking an experienced professional to join our team in the role of Lead IT Security Analyst.
Business: Cybersecurity
Principal responsibilities
• Providing SAST (Static Application Security Testing) scanning support services, e.g. scanning onboarding service, scanning rules review and SDLC control related tasks.
• Defining and driving scanning product vision, strategy/roadmap and metrics; balancing requirements around usability, productivity, security and scale to create optimal experiences for engineering application teams.
• Performing continuous capability assessment and driving improvements of the security scanning product efficacy, coverage, quality, false-positive ratio, service processes and procedures.
• Defining and maintaining scanning tool configuration, ruleset and policy and revising as required to minimise false positive ratio.
• Leading and executing the creation, review and maintenance of security scanning quality assurance approach and related documentation.
• Planning and executing project roadmaps to enhance functionality and/or remediate identified security scanning product gaps.
• Monitoring new product and technology trends, risk and threat intelligence feeds to advance HSBC's security capabilities while balancing an excellent user experience.
• Partnering with key stakeholders including engineering application teams, SDLC Federated Control Owners, Operational Resilience Risk, CCO Technology, Cybersecurity Risk Control Strategy and Cybersecurity Business Engagement.
To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:
• Experience in DevSecOps including Agile and Waterfall Software Development Life Cycle.
• Experience in software source code security review and application development.
• Experience in the integration and automation of various security technologies, preferably Container Security Scanning (CONT), including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Mobile Application Security Testing (MAST) tools within the DevOps tooling pipeline (Jenkins, GitHub, Chef, Ansible, Nexus, etc.).
• Experience in cybersecurity principles, assessment and triage for security flaws and common vulnerabilities for web and mobile applications.
• Ability to understand and assess both threats and vulnerabilities, articulating these to both technical and business stakeholders.
• Professional IT Security qualifications and/or certification.
• An inquisitive approach, always asking how to achieve goals in a smarter and more effective way.
• An ability and interest to learn and experiment with new approaches to vulnerability management, in different contexts, across the amazing scale that HSBC brings.
• Experience of working in international and diverse environments.
• Experience in engaging with business, technology, regional and regulator stakeholders.
• Ability to communicate to executive leadership – effectively translating technical gaps into business risk.
• Ability to prepare concise presentations and updates for senior management.
• Influential, credible and persuasive, active listener, embraces HSBC Values, shows good judgement and demonstrates high level of communication skills in order to achieve effective stakeholder management.
• Experience/understanding of threat modelling and third party security assessments would be beneficial.
• Good spoken and written communication and ability to adapt style based on audience (Fluent in spoken / written English).
About HSBC Technology China
We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems.
You’ll achieve more when you join HSBC.
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc. We consider all applications based on merit and suitability to the role.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
Issued By HSBC Software Development (GuangDong) Limited