Principal Penetration Tester - Azcapotzalco, México - HSBC

HSBC

Empresa verificada

Azcapotzalco, México

hace 2 semanas

Publicado por:

Rodrigo Fernández

Reclutador de talento para beBee

Descripción

Some careers have more impact than others.

If you're looking for a career where you can make a real impression, join HSBC and discover how valued you'll be.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories.

We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

- "At HSBC we offer our colleagues a greater number of days so that they can fully enjoy their wedding, take care of the new member of the family, or grieve the loss of a family member._

Our paid leave package is at the forefront in Mexico, now you have one more reason to be HSBC and proudly live a culture of wellbeing, balance and car care"_

We are currently seeking an experienced professional to join our team in the role of
Principal Penetration Tester**
Principal responsibilities

Manage the delivery of penetration tests across variety of technologies.
Ensure quality delivery of world class penetration testing.
Represent Cybersecurity function as technical penetration testing SME in internal and external discussions.
Drive and lead penetration tests and resulting deliverables, to aid in ensuring that the Bank operates within defined risk appetite.
Ensure that the penetration testing deliverables are met on time.
Lead/perform and own the design and delivery of penetration tests across variety of technologies.
Work within virtual teams of security and technical specialists to ensure quality delivery of world class security solutions to the business.
Lead penetration tests designed to highlight and clearly articulate risk to the business, in terms the business can understand.
Represent Cybersecurity function as technical SME in internal and external discussions.
Ensure adherence to the three lines of defense organizational model, with clear lines of responsibility, accountability and segregation of duties.
Collaborate with relevant stakeholders to enhances the delivery of a Cybersecurity strategy to secure the bank's technology, protecting and enhancing HSBC's values, reputation and stakeholder value.
Provide supervision, guidance and mentor less experienced members of a team

Support growth and engage with a diverse set of stakeholders

Requirements

Requeriments

Strong written and verbal communication skills in English language used for all formal communication.
Ability of critical thinking to form and clearly articulate identified issues and their consequences.
Ability to comfortably hold a conversation on cyber security aspects with both technical and nontechnical audience.
Maintain a wide breadth of penetration testing and/or leadership management skills to a significant degree of depth.
Understand the business context/significance of technical pentest findings.
Consistently output superior quality of deliverables.
Poses an entrepreneurial attitude to excel in loosely defined scenarios.
Ability to work independently or lead any size team of penetration testers.
Superior time management skills and selfdiscipline.
Demonstrated ability to solve complex technical problems.
At least 5 years of prior demonstrable handson experience in penetration testing.
Team management, leadership and team building skills
Experience leading highly sensitive projects
Experience managing large volumes of penetration tests
Experience dealing with penetration test regulatory requirements
Experience on Mobile security testing
Experience on Network/Infrastructure security testing
Solid understanding of the platform security models for iOS and Android platforms.
Practical knowledge of penetration testing of widely understood infrastructure, web and mobile technologies, using manual and automated testing methods.
Excellent TCP/IP knowledge and understanding of security implications/issues.
Proven programming/scripting skills.
Ability to explain security functionality from first principles.
Strong understanding of software development lifecycles especially DevOps
Experience with performing security code reviews for Java, Objective C, Swift and Kotlin programming Languages
Strong initiative, consensusbuilding and ability to collaborate directly with a variety of clients (business, development, compliance, etc.)
Experience with mobile security testing frameworks such as OWASP MASVS, OWASP MSTG.
Advanced knowledge of common security analysis tools and testing techniques especially for the mobile security space.
Handson experience with SAST, DAST, IAST tools and ways to supplement their limitations.
Knowledge of security verification of mechanisms & technologies such as SSL, Pinning, Biometric
Authentication, Out of Band Authentication, JWT, SAML, RASP, Oauth2 etc.
Prior software programming and development experience especially of iOS & Android platforms is a