Principal Security Researcher

Join a digital first bank that's powered by people.

Our technology team builds innovative digital solutions rapidly and at scale to deliver the next generation of banking services for our customers around the world.

In our cybersecurity team you'll be helping to safeguard the financial system on which millions of people depend.

You'll be making banking more secure by designing, implementing, and operating controls to manage cybersecurity risk. You'll help define HSBC Group cyber security standards, deliver Global Security Operations ad Threat management services, provide round-the-clock monitoring and security incident response services, and oversee Network/Application/Infrastructure Security. The work you do will provide assurance of the adequacy and effectiveness of security controls to Business Risk Owners.

Offensive Security provides an independent challenge to HSBC's cybersecurity posture by bringing the attacker's mindset to find and exploit vulnerabilities and to simulate real-world attacks. Through this, OffSec discover weaknesses across people, process, and technology, enabling the Firm to better understand its exposure to cybersecurity attacks and to drive a proactive approach to protect itself and to manage risk more effectively.

The Security Research team, within the Global Offensive Security function, provides a specialist approach to assessing the security of systems and technology, identifying previously unknown vulnerabilities and new attack techniques.

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

In this role you will:
• Deliver security research projects focused on HSBC critical services, ensuring that design, quality and implementation of controls do not expose the bank to a significant level of risk.
• Identify previously unknown vulnerabilities and new attack techniques.
• Work with key stakeholders to proactively drive the reduction in Cybersecurity risks and improve the security risk posture of HSBC within the business risk appetite.
• Provide subject matter expertise and guidance to a broad range of stakeholders across global business and functions.
• Engage with relevant programmes that are critical to the bank.
• Understand the financial services industry security and threat landscape.
• Engage with a diverse set of stakeholders to achieve OffSec objectives, including Business and Functions, Cybersecurity leads, Head of Cybersecurity functions and Control Owners.
• Achieve excellence by driving performance, compliance and security.
• Develop tools and automation of processes to enhance security assessment.
• Engage with specialist technology functions such as, Cybersecurity Technology, Cybersecurity Operations and Security Architecture.
• Present strong teamwork attitude with the global OffSec as well as all Global Businesses and Functions.
• Establish and maintain productive relationships across the bank in the client facing role.
• Leadership skills and the ability to manage stakeholders and staff.
• Adhere to operational controls, as outlined in procedures and policies to ensure risks are identified and managed.
• Establish all necessary operational controls within the tools and systems used.
• Identify new project opportunities and demonstrate innovative thinking.
• Develop and maintain excellent relationships and receive positive feedback on interactions with clients and stakeholders.
• Demonstrate sensitivity to the realities and concerns of their stakeholders' situation.
• Analyse and interpret the evolving security threat landscape.
• Use innovation in security to address the needs of customers and stakeholders.

To be successful in this role you should meet the following requirements:
• Demonstrated experience in penetration testing
• 0-day discovery and vulnerability disclosure experience
• Understanding of analysis of common operating system, such as Linux, Windows, Google Android and iOS.
• Demonstrated experience in third party vulnerability disclosure
• Demonstrated experience in black box software security review techniques, including 'fuzzing' and reverse engineering

This role is based in Sheffield.

Opening up a world of opportunity

Being open to different points of view is important for our business and the communities we serve. At HSBC, we're dedicated to creating diverse and inclusive workplaces - no matter their gender, ethnicity, disability, religion, sexual orientation, or age. We are committed to removing barriers and ensuring careers at HSBC are inclusive and accessible for everyone to be at their best. We take pride in being a Disability Confident Leader and will offer an interview to people with disabilities, long term conditions or neurodivergent candidates who meet the minimum criteria for the role.

If you have a need that requires accommodations or changes during the recruitment process, please get in touch with our Recruitment Helpdesk:

Email: hsbc.recruitment@hsbc.com

Telephone: +44 207 832 8500