IT Security Red Team Tester
Sheffield (South Yorkshire) Design / Civil engineering / Industrial engineering
Job description
The IT Security Red Team Tester role is based within the Red Team, part of the HSBC Operating Services and Technologies (HOST) IT Security function.
The Red Team is an independent team that applies Cyber Threat Intelligence to deliver adversarial testing with the purpose of improving HSBC's capabilities. Through application of existing experience and knowledge of Red Team tactics you will help to shape and run Red Team campaigns.
This role will appeal to IT Security / Penetration Testers looking for a positive, enthusiastic working environment which encourages collaborative networking with like-minded security professionals globally.
This is a fantastic opportunity to work with a team of highly skilled information security professionals within the financial services industry, and a unique chance for skilled Penetration Testers to broaden their skillset and test a variety of established and emerging technologies.
Training and development is actively encouraged at HSBC, with the opportunity to attend external training courses and the option to train in both technical and non-technical areas.
Your responsibilities will include:
· Digesting and translating Cyber Threat Intelligence into bespoke attack scenarios for the purposes of measuring HSBC detection and response capabilities
· Conducting targeted penetration testing of exercise and test events with the application of targeted sophisticated attacks as a simulated adversary
· Participating in event planning stages to develop cyber assessment plans and conducting no-notice penetration tests against HSBC systems
· Creating Red Team support materials (e.g. Probabilistic Attack Graphs, Cyber Exercise Playbooks etc.)
· Assisting with the on-boarding of new members of the Red Team through work shadowing and knowledge transfer sessions
· Supporting the identification of controls to remediate and/or mitigate identified security weaknesses of systems, applications, processes and procedures.
· Ensuring that testing is conducted in accordance with regulatory frameworks and compliance requirements
· Supporting the consistent use of Group and industry standard Test methodologies, standards and tools (including metrics).
· Supporting/Managing and providing direction/expertise to all levels of Red Team personnel across a range of Red Team activities, including, but not restricted to, the creation of Probabilistic Attack Graphs, Cyber Exercise Playbooks, Test Strategies, risk assessments, scripting and execution. Ensuring these are completed on time/budget and to the agreed level of quality. Undertaking these activities as required.
· Supporting the production of high quality management information and reporting to appropriate stakeholders including metrics at a Group and/or local level.
· Contributing to the definition of requirements for, and subsequent construction of, Red Team campaigns
· Delivering fair outcomes for our customers and ensuring own conduct maintains the orderly and transparent operation of financial markets.
· Establishing and maintaining high quality communication and relationships, both internal and external to the Bank, as a representative of the Red Team function
· Providing support, guidance and mentoring to other team members as required.
· Undertaking a Red Team Tester role for small/medium complex projects as required (and relevant to experience), ensuring schedule/budget/quality requirements are met.
· Providing support, training, mentoring to Red Team personnel where required on tools and technical subject matter.
· Maintaining a strong awareness of technology and testing trends and industry best practice, and providing advice to Business/IT.
· Undertaking additional tasks as directed by Line Management.
Desired profile
The ideal candidate for this role will have:
· Relevant technical knowledge to be able to automate tasks using a scripting language (Python, Perl, Ruby, etc.)
· The ability to perform targeted penetration tests without use of automated tools
· Strong knowledge of networking protocols and packet analysis
· Expertise across multiple security technologies such as Firewalls, IDS/IPS, Web Proxies and DLP, amongst others
· Demonstrated specialist knowledge of malware packing and obfuscation techniques, software exploitation (web, client-server and mobile) on modern operating systems and of the Windows and *NIX operating systems
· Familiarity with common reconnaissance, exploitation, and post exploitation frameworks
· Past working experience in a relevant IT Security Testing or Penetration Testing role
· Availability to undertake the travel required for this role, i.e. if the post holder is not already based locally to Sheffield, they will be required to travel to Sheffield regularly.
· Experience working in relevant environment/s, i.e. demonstrable understanding of financial sector, or other large organization, security and IT infrastructures is desirable but not essential
· Role relevant qualifications, i.e. Security Testing Related Qualifications, including university and/or commercial certifications such as Cyber Security, CREST, CHECK, CHECK Team Leader, Red Team, OSINT, Pen Tester, Penetration testing, pen-tester, CTL, CTM, CCT, CRT, CCSAM, CCSAS, OSCP, CSSLP are desirable but not essential
· Past working experience in a relevant Red Team role is desirable but not essential
· Self-awareness with confidence to work independently and take responsibility for own development
· Both spoken and written communication skills with experience of adapting your style and approach to the audience and message to be delivered
· Experience of planning projects and activities systematically in line with business priorities, using a variety of analysis and problem solving techniques
· A comprehensive understanding of the regulatory frameworks and compliance requirements associated with financial services and experience of working within these
In addition to the details listed above, the ideal candidate will have:
· A passion for cyber security and a willingness to commit to the further study required and creativity to keep pace with the application of the latest threat concepts and techniques
· The ability to coordinate, work with and gain the trust of business stakeholders to achieve a desired objective
· Strong attention to detail in conducting analysis, combined with an ability to accurately record full documentation in support of their work
The base location for this role is Sheffield; however, it is possible that the role can be delivered remotely from the UK, with campaign-based attendance in Sheffield.
HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment.