Senior Penetration Tester
Graduate job Europe-United Kingdom-South Yorkshire-Sheffield IT development
Job description
The Senior Penetration Tester role is based within the Security Testing team, part of Information Security Risk (ISR). ISR's main objective is to protect HSBC’s assets (most importantly our brand), by assuring the confidentiality, integrity and availability of our information. This is achieved by ensuring that risks are fully understood and assessed and that appropriate Information Security controls are applied effectively and consistently across our organisation to mitigate them.
The role of a Senior Penetration Tester is to work on all aspects of security testing, working closely with Cyber Intelligence, Development, Networks, Operations and Application Security teams within the HSBC Group to assist in the delivery of secure solutions to the business.
Your responsibilities will include:
Designing and executing penetration tests against a variety of systems including web application, infrastructure, and mobile technologies
Identifying security weaknesses in HSBC developed applications and hosting environments
Delivering clear, concise, and technically detailed reports on security weaknesses of systems and applications
Advising project teams of applicable remediation and/or mitigating controls
Collaborating with ISR colleagues globally to ensure quality delivery of security testing
Maintaining and developing areas of technical competence through advanced training to enhance penetration testing abilities
Ensuring the on-going security posture of HSBC applications and environments remains intact
Desired profile
The ideal candidate for this role will have:
Past working experience in a relevant role, i.e. knowledge of security testing methodologies and tools in application security testing and vulnerability scanning
Experience working in relevant environment/s, i.e. technical information security background
Role relevant qualifications, i.e. Security Testing Related Qualifications, including university and/or commercial certifications (e.g. CEH, CREST) are desirable but not essential
Past working experience on relevant systems, i.e. Linux, Windows and Embedded & Mobile Systems
Relevant product knowledge including: Nessus, BackTrack and Web Technologies (i.e. HTML, JavaScript, JSP, PHP, Java & ASP.net)
Willingness to undertake the training/study required in this role, i.e. a willingness to learn and develop security knowledge is essential.
Experience working in relevant environment/s, i.e. Knowledge of HSBC network Infrastructure and system architecture is desirable but not essential
Both spoken and written communication skills with experience of adapting your style and approach to the audience and message to be delivered
Experience of using relevant software packages, i.e. OpenVAS and Metasploit is desirable but not essential
A comprehensive understanding of the regulatory frameworks and compliance requirements associated with financial services and experience of working within these
In addition to the details listed above, the ideal candidate will be an experienced tester looking to take the first steps in a management career, will have specialist security skills (e.g. developing customised testing tools), experience managing multiple projects and delivering to tight deadlines, excellent verbal and written communication skills, an interest in security research (e.g. new technologies, vulnerabilities and exploits) and be able to work as part of a global team.
The base location for this role is Sheffield.
At HSBC we are open to different ideas and cultures, connected to our customers, communities and each other and dependable by doing the right thing. These are the values that guide us every day and we seek to recruit people who share these values. We are also committed to increasing opportunities for our employees to work flexibly and welcome job share or flexible working applications.
Key search words: ISR; Information Security; Application Security; Security Testing; Security Tester; Penetration Tester; Cyber; Cyber Security