Associate Director, Software Engineering
Xi'an, China
Job description
Job description
Some careers have more impact than others.
If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.
We are currently seeking an experienced professional to join our team in the role of Associate Director, Software Engineering .
Business: IWPB Technology
Principal responsibilities
Anti-Malware Scanning
·
Regular security intelligence gathering and analysis (horizon scanning).
·
Regularly scanning the mobile app environment and various devices for malware threats using specialized tools to detect and neutralize malicious or fraudulent behaviours, ensuring app security and user data protection.
Proactive and Regular Testing
·
Ongoing assessments like vulnerability scans and penetration tests to identify and mitigate security weaknesses.
Reviewing, Enhancing, and Optimizing Configurations Across Systems
·
Adjusting app security controls and related configurations to minimize vulnerabilities and optimize the mobile security environment for malware defence.
Deploying Capabilities onto Mobile Application Including Managing the Customer Experience
·
Review architectural designs and vendor's security solutions, provide recommendations.
·
Recommend enhancements of existing or deployment of new mobile security features.
·
Work closely with delivery teams to develop and monitor security risk remediation programme activities and actions to ensure delivery within acceptable timelines.
Creating and Owning Proactive and Reactive Customer Communications
·
Informing users about security updates and malware incidents, providing guidance within the app for proactive protection and response.
·
Educate teams in terms as to their security responsibilities, provide policies, guidance and mobile security engagement model.
Creating and Owning Incident Response Plans
·
Developing plans for detecting, isolating, and addressing malware threats in the app, ensuring quick recovery and minimal disruption.
Ongoing Governance
·
Establishing policies, monitoring systems, and ensuring regulatory compliance to maintain ongoing app security and effectiveness against malware threats. Maintaining SLAs and feedback loop with markets.
·
Surface strategic and architectural decisions through the approved governance or oversight channels as defined by the bank’s operating model
·
Participate in IT Security engagement activities (e.g. risk assessment and threat modelling sessions, security risk review etc.)
·
Anti-Malware Scanning
·
Principal responsibilities Principal responsibilities
Requirements
·
Strong understanding of security industry trends, hot topics, commercial and vendor capability awareness
·
Strong understanding of the security threat landscape, awareness of major historical and recent vulnerabilities, awareness of security industry responses to significant threats
·
Strong understanding of zero trust security including detailed knowledge of concepts, industry whitepapers and practical implementations
·
Experience in incident management, flows and documentation
·
Experience supporting major programmes and other project-based activities
·
Knowledge and experience with reverse engineering malware utilizing both dynamic and static analysis tools
·
Security architecture or security solution architecture experience
·
Experience in creating, reviewing and approving security designs
·
Experience with collaboration and knowledge management tools such as SharePoint, Teams, Confluence and JIRA
·
Hands on experience in working with DevOps and Agile teams following a secure software development lifecycle. Should be able to provide hands on leadership in improving automation and incorporating security as part of the CI/CD pipeline.
·
Good to have experience in application risk assessment, threat modelling
Technical skillset:
·
Proficient in application security reviews of mobile, web, and APIs, etc.
·
Ability to assess and identify any possible vulnerabilities in technology being developed prior to implementation
·
Knowledge of tools like Burp Suite, Postman, SoapUI, Checkmarx, Netsparker, Nexus IQ, etc. to perform the security testing and analysing the scanned report
·
Strong grasp of application security tooling, and experience of driving automation within the delivery environment
·
Industry recognised Information Security and Cyber Security qualifications is essential e.g. CISSP, CISA, OSCP, GIAC GPEN
·
Good at application security testing like SAST, DAST. Experienced in web application, API Security, and mobile application security testing in conformance to various industry standards like OWASP top 10, SANS top 25 etc.
·
Good to have knowledge on programming and scripting skills in languages like Java, JavaScript, Angular, Spring Boot, etc.
·
Good to have knowledge of cloud platforms (Azure, AWS and GCP) and experience in performing security review against applications deployed in cloud.
Non-technical skills:
·
Excellent communication skills are mandatory. The role demands a great deal of interaction with various global teams and so the role holder must be able to express themselves clearly verbally and in writing
·
Strong ability to translate between business talk and technical details is a must. The role requires interaction with non-technical business staff
·
Strong ability to prioritize security testing requirements
·
Critical thinking
·
Strong decision-making skills
·
A self-starter, able to act independently with minimal direction
What additional skills will be good to have:
·
Experience of mobile development, security analysis, integration, and testing on Android, iOS or HarmonyOS.
·
Familiar with Android, iOS or HarmonyOS system architecture, security mechanisms, security vulnerabilities and detection methods, proficient in using analysis and debugging tools
·
Experience in release AppStore, Google Play and response reviewer, security audit work.
HSBCAL/GZ*
About HSBC Technology China
We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems.
You’ll achieve more when you join HSBC.
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
***Issued By HSBC Software Development (GuangDong) Limited Xian Branch***