Description de l'offre
Application Security Engineer, Tooling SME
Some careers grow faster than others.
If you're looking for a career that will give you plenty of opportunities to develop, join HSBC and your future will be rich with potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
The IT Security team at HSBC are engaged to transform the way information security is accomplished at the bank and we are set to enable the business to do more, as securely as we want, or need to be. In short, in line with the Bank's strategy, we are to be Simpler, Better, Faster and of course – More Secure.
To achieve this we have many exciting challenges ahead and are looking for people with a real passion for what they would like to do. Working with some of the best technology talent we are searching for technologists and enablers that will help support us on this journey.
As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.
We are currently seeking an experienced individual to join this team in the role of Application Security Engineer.
This hands-on role requires engineering and IT operations expertise working in a Cybersecurity capacity to automate and support application security technologies across range of operational platforms, such as AWS and Google Cloud Platform. Working as part of a global team you will be required to provide expertise on these technologies working closely with DevOps and Digital teams across all business lines of the organisation.
The Application Security Engineer is charged with protecting the HSBC brand, shareholder value, information and financial assets, part of a team that works across the globe in the following ways:
Support the delivery of tooling to implement controls ensuring compliance with HSBC Information Security policies and standards globally including any regulatory requirements.
Collaborate to drive the implementation of the enterprise wide and regional / business level IT Strategy.
Your responsibilities will include:
· Help implement and support new application security technologies to meet business requirements in line with latest industry trends and best practises.
· Day to day hands-on operational support of tooling services and troubleshooting of technical issues.
· Provide technical expertise, advice and guidance on supported tools and services to the business and IT teams,
· Service management and availability, providing a top tier support capability that exceeds business expectations.
· Working with vendors to enhance product capability and deliver greater value for the business.
· Ensuring any decisions, services and technologies are delivered and run in a compliant, effective manner and delivers appropriate benefit to the business.
· Provide technologies that better help the business grow and develop. Ensure that the business requirements are fully understood whilst ensuring the HSBC Security vision is delivered in live with business expectations.
· Work with IT and Business stakeholders to proactively deploy and build out technology solutions to help reduce risk while acting with the overall business risk appetite.
· Support key relationships in global cyber security and local IT. Cultivate strong relationships with organisationally important global and local stakeholders with a tailored approach
· Understand the financial services industry security and threat landscape
· Create a collaborative environment within the team, and externally with other teams (such as IT, ISR, Audit, etc.).
· Work with Integrity and always with the business in mind
· Adopt and roll-out global tools and processes when available. Understand the global IT Security expectations and drivers, to align frameworks. Engage with global teams to perform global tasks.
· Manage impacts of risk and control frameworks. Track and remediate any issue, finding or recommendation. Contribute when required to global and regional audits.
· Support a customer-centred culture, championing activities encouraging outstanding customer advocacy. Proactively seek opportunities to maximize IT security to improve business operations.
To be successful in this role you should meet the following requirements:
Cyber Security experience with a specific focus on application tooling (Static, Infrastructure, Real time and Dynamic Security tooling and processes)
Experience with some or all of the following tools - IBM Appscan, Contrast Security, Checkmarx, Tenable Nessus
Technical skills – Linux, Windows, SAST/IAST/DAST/RASP, troubleshooting, Shell Scripting and programming languages (Python, Java) are desirable
· Experience of implementing and/or supporting operational production services
· DevOps and pipeline technologies, and a strong grasp of DevSecOps practices
· Understanding of Cloud technologies and experience with AWS and GCP are desirable
· Previous experience working in architecture or application development roles is desirable
· A thirst for knowledge of emerging application security technologies is essential
· Ability to build strong relationships and communicate on complex IT Security issues within a wide spectrum of stakeholders and able to advise on technical matters to a non-technical audience
· Experience of building and deploying tooling to support Application Security tooling strategies
· Experience of Web Security technology aimed at the application layer
· Excellent written and spoken communication skills; an ability to communicate with impact, ensuring complex information is articulated in a meaningful way to wide and varied audiences
· A comprehensive understanding of risk management and proven experience of ensuring own/others' compliance with relevant regulatory processes
· Industry qualifications (CISSP, CISA, CISM) are desirable
The base location for this role is Sheffield.
You'll achieve more when you join HSBC.
At HSBC we look to enable our employees to better balance their work / life priorities and have the flexibility required to meet challenging needs as they progress through different life stages. Where possible we will consider the following flexible working options: part-time working, job sharing, term-time working, and working from home and staggered hours. If in considering a role with HSBC you have a need for some flexibility in your working arrangements please discuss this with the recruitment team in the early stages of the application process.
HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.