1. Home
  2. IT development
  3. Lead IT Security Analyst

Offers “HSBC”

New
HSBC

Lead IT Security Analyst

  • Chine, Moçambique
  • IT development
Apply Now

Job description

Job description

Some careers have more impact than others.
If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.

We are currently seeking an experienced professional to join our team in the role of Lead IT Security Analyst

Business: Cybersecurity

Principal responsibilities

The role will report to a CSAT Development lead working within an agile / DevSecOps environment. You will be involved in a varied range of engineering activities, including but not limited to developing integrations to 3rd party products, designing, developing, and deploying new REST API services used by internal end-users, building data pipelines and ETL jobs, creating CICD pipelines, bug fixing existing services raised via the service desk, developing automated test scripts, code peer reviews, to many other activities. Our preferred programming language is Python, and we follow microservice design principles to ensure services remain loosely coupled and scalable.  

The role will partner heavily with cybersecurity experts across CSAT to deliver solutions that help keep the bank secure. Such solutions can include the integration and automation of third-party scanning tools such that they periodically detect for vulnerabilities across the estate, and report these back to relevant stakeholders. Other solutions can include building in-house scanning capabilities that look for certain types of security weaknesses. 

As a Full Stack Engineer, your responsibilities will include the following: 

•    Work with and support your pod’s product owner and development lead in designing, developing and delivering software solutions that meet stakeholder requirements. 
•    Work with Cybersecurity experts in understanding and refining requirements, delivering on features iteratively, whilst also proposing new technologies and solutions to help keep the bank secure. 
•    Adhere to the team’s design and development patterns, and in collaboration with the development lead actively identify bottlenecks and improve software development efficiencies. 
•    Adhere to the team’s governance procedures surrounding requirements intake, release and incident management, and actively contribute towards further streamlining processes (through automation). 
•    Ensure the operability of existing services, including L2/L3 troubleshooting, bug fixing, and writing automated test cases and any further technical documentation needed to support delivered code. 
•    Undertake peer reviews and to lead by example junior developers in the team.

Requirements

•    Must be able to demonstrate extensive Python web development experience, using frameworks such as FastAPI (being the preference), Flask and/or Django. 
•    Must have experience developing data pipelines, primarily in Python, using libraries such as Pandas, Numpy, and tools such as Airflow, Luigi, etc.  
•    Must have experience working with Message Queue systems, such as Kafka, Rabbit, etc. 
•    Must have a strong understanding of microservice architectures and be knowledgeable on the implementation of concepts such as CQRS, SAGA and event sourcing. 
•    Must have experience building and deploying services to containers, using tools such as Docker and Kubernetes. 
•    Must have experience building and deploying services through CICD pipelines, with hands-on experience using tools such as Jenkins, Gitlab, etc. 
•    Must have strong sysadmin skills in Linux, coupled with a solid understanding of computer systems and networks in general, e.g. TCP/IP, DNS, Firewalls, Subnetting, etc. 
•    Must be proficient with Git and a working familiarity of several branching strategies such as GitFlow, Trunk based, etc. 
•    Must have a good understanding and reasonable experience in frontend development, at a minimum using languages such as HTML, CSS, JavaScript. 
•    Must have strong SQL programming skills and be able to construct complex queries. 
•    Must demonstrate a test-driven mindset, backed by experience developing automated tests cases, be it unit, integration, functional and non-functional tests. 
•    Must be knowledgeable of agile and DevSecOps delivery processes within the context of working in a highly regulated environment and be comfortable using tools such as Jira and Confluence. 
•    Must be articulate, with very good verbal and written communication skills. This is essential as you’ll be part of a global team consisting of engineers and non-engineers alike. 
•    Must be able to demonstrate an ability to work and lead in a fast paced, team focused environment with a proven track record of delivering and completing assigned tasks as an individual, and as a team. 
•    Must demonstrate a willingness to continuously learn and share learnings with others. Our architecture is constantly evolving in line with new technologies being introduced as well as emerging threats.

Nice to have:

•    Cybersecurity related experience would be highly advantageous, be it working with automated application security testing tools (e.g. SAST, DAST), performing Penetration Tests, Fuzz testing and/or any threat detection and exploitation techniques. 
•    Strong experience building, deploying and operating infrastructure to a major cloud platform, such as AWS, GCP, Azure and/or Ali, using tools such as Terraform to provision and manage infrastructure as code, operational monitoring tools such as Prometheus, and service mesh tools such as Anthos. 
•    Strong frontend development experience, preferably in a JavaScript based language/framework such as React. In addition, experience developing and/or integrating with customer analytics products such as Matomo, and any further design and/or UX experience would be highly advantageous. 
•    Strong database administration / architecture experience, working with several relational database systems such as MSSQL, Postgres, as well as non-relational such as Mongo. Coupled to this, you will also have experience managing databases in a loosely coupled environment, with very strong performance and tuning skills.

About HSBC Technology China

We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems. 

You’ll achieve more when you join HSBC. 

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.” 

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website. 

***Issued By HSBC Software Development (GuangDong) Limited***

Make every future a success.
  • Job directory
  • Business directory
    •