Job
Description
Some careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of Secure Development Consultant Specialist In this role, you will: Contribute to develop and adopt security utilities and tools that will enable development teams to operate more efficiently and securely. Be "hands on" with technology and to contribute to the design, development and support development teams with security recommendations and adoption of tools. Contribute to process, procedures, and tool identification/development. Liaison with Developers, Project Managers to understand the working of an application, how effectively they are implemented and where security mechanisms are employed. Stay up to date within the industry of new trends, and best practices. Training and supporting developer and security champion activities to improve the quality of security scanning services to maximize the benefit for application teams. Oversight of changes in the risk profile through development of metrics and analysis of risks and controls Support the team with activities such as quality reviews, audit requirements and service desk management. Requirements To be successful in this role, you should meet the following requirements: Understanding of integration & automation of security technologies in at least two from SAST, DAST, MAST, container security tools within DevOps tooling pipeline (Jenkins, GitHub, Chef, Ansible, Nexus, etc). Proficiency in one or more industry security tooling (Checkmarx, Invicti(Netsparker), Quokka(Kryptowire), IriusRisk, Aquasec, etc. ) would be beneficial. Experience in DevSecOps with a focus on security. Knowledge of security flaws in different programming languages. Understanding of common public cloud environment (including AWS, GCP, Azure, Alicloud). Knowledge in implementing vulnerability identification tools within the development pipeline. Knowledge of Common Vulnerability Scoring System (CVSS). Knowledge of collaboration tools preferably JIRA and Confluence. Understanding of emerging technologies and its corresponding security threats would be beneficial. Strong analytical skills, including but not limited to attention to detail, research, data analysis, problem solving, evaluating and decision making.
