Senior Red Teamer – Cybersecurity Research and Offensive Security (CROS)
Big Bank Funding. FinTech Thinking.
Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world, to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.
Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.
We work in small, agile DevOps teams with colleagues around the world from our offices at the in Southwark, our global headquarters in Canary Wharf, and multiple other locations around the UK including Sheffield, Leeds, Barnsley and Birmingham.
Business area overview
In a rapidly changing technology landscape, security research and offensive security are important components in positioning HSBC to better protect itself and to manage risk more effectively. This is accomplished by analysing the most critical areas across the bank, simulating real-world attacks, performing regular penetration testing and innovating approaches to find vulnerabilities, that can materially drive a more thorough understanding of cybersecurity attacks and a proactive approach to enhance the security posture of the bank.
The Cybersecurity Research and Offensive Security (CROS) function is building up its capabilities to form a global team of highly skilled red teamers
The Red Team, within the Global CROS function, conducts targeted assessments against critical areas of the Bank, designed to simulate real-world attacks; focusing on people, process and technology.
What you will be doing;
The role holder will be responsible for managing and executing threat intelligence led Red Team engagements and leading a team of highly skilled red teamers. Additionally, the role holder will be responsible for managing stakeholders (including regulators) to clearly scope Red Team engagements, define objectives and direct a delivery approach that minimises operational risk.
This individual will support growth and engage with a diverse set of stakeholders in order to achieve CROS objectives, including Business and Functions, Cybersecurity leads, Head of Cybersecurity functions, Control Owners and Regulators.
What you will bring to the role;
The successful candidate will have a proven track record on delivering red team assessments. Additionally, the to be successful in this role the candidate should meet the following requirements:
- Experience leading highly sensitive projects
- Experience dealing with Red Team regulatory requirements
- Exploit development
- Purple teaming
- Attack simulation
- Penetration testing
Education to degree level or above (Desirable) or relevant work experience
Experience / Skills
- English – Fluent written and spoken
- Proven written and verbal communication skills
- Strong team management, leadership and team building skills.
- Ability to develop clear business impact and justification to drive investment in team capabilities
- Demonstrated experience running highly sensitive projects.
- Demonstrated experience in meeting red team regulatory requirements.
- Demonstrable experience in vulnerability identification and exploitation.
- Participation in the Cyber Security industry.
- Knowledge of malware packing, obfuscation, persistence, exfiltration techniques
- Knowledge on bypassing security controls such as DLP, Endpoint Protection, Firewalls, IDS/IPS and Web Proxies.
- Demonstrable experience in tooling, automation and prototyping.
- Demonstrated experience in source code review.
- Demonstrated experience in penetration testing.
This role will primarily be London based ,other UK base locations maybe considered but some travel may be required.
Come Power a Business that Defines How to Power the World
As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of ethnicity, religion, age, physical or mental disability/long term health condition, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by local law in the jurisdictions in which we operate.
Within the work place you will have access to various employee resource groups which aim to promote and achieve a healthy work / life balance and support our diversity ambitions.
HSBC has in place processes in order to avoid nepotism, which means to avoid creating circumstances in which the appearance or possibility of conflicts of interest may exist within the hiring process.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
Email: [email protected]
Tel: +44 (0) 207 832 8500