Head of Crowd-sourced Security Testing

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Your career opportunity

Offensive Security provides an independent challenge to HSBC’s cybersecurity posture by bringing the attacker’s mindset to find and exploit vulnerabilities and to simulate real-world attacks. Through this, OffSec discover weaknesses across people, process, and technology, enabling the Firm to better understand its exposure to cybersecurity attacks and to drive a proactive approach to protect itself and to manage risk more effectively.

What you’ll do

• Accountable for the delivery of the Bug Bounty to meet the requirements of HSBC’s cybersecurity controls, auditors, and global regulators.
• Responsible for ensuring the crowd is leveraged with well scoped with clearly defined objectives, and delivered on time through an approach that scales and minimises operational risk.
• Responsible for identifying thematic findings in line with threat actor techniques and procedures, and the shifting technology landscape within HSBC, and driving the crowd to target these areas.
• Accountable for the delivery of the change and continuous uplift across crowd-sourced testing.
• Global Control Operator for Crowd-sourced Security Testing under VIAO.3 (Offensive Security) control and protecting the bank’s technology, information, and customers.
• Leadership of a small team to manage operation of the Bug Bounty.

What you need to have to succeed in this role

• Proven experience in identifying and communicating security vulnerabilities across Web, APIs, Infrastructure, and Mobile (e.g., penetration testing).
• Experience in identifying vulnerabilities by leveraging “the crowd” (e.g., Bug Bounty)
• Experience working in highly sensitive projects and a highly regulated environment.
• Excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
• Excellent understanding of cybersecurity principles, global financial services business models, regional regulations and applicable laws.
• Formal education and advanced degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same.

What we offer

• Competitive salary
• Annual performance-based bonus
• Additional bonuses for recognition awards
• Multisport card
• Private medical care
• Life insurance
• One-time reimbursement of home office set-up (up to 800 PLN).
• Corporate parties & events
• CSR initiatives
• Nursery discounts
• Financial support with trainings and education
• Social fund
• Flexible working hours 
• Free parking

If your CV meets our criteria, you should expect the following steps in the recruitment process:

• Online behavioural test 
• Telephone screen 
• Interview with the hiring manager. 

We are looking to hire as soon as possible so don’t wait and apply now!

You'll achieve more when you join HSBC.