Cybersecurity Testing and Education Specialist

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Your career opportunity

Cybersecurity is responsible for enabling businesses and functions to manage their information security risks as well as ensuring risk and controls are assessed and implemented appropriately, objectively and independently through professional and specialized subject matter experts.

The Cybersecurity Education Specialist is an internal facing role that reports to the Non-Technical Service Delivery Lead. The team has the responsibility of managing social engineering tests across the Bank; identifying and executing remediation activities for gaps noted.

What you’ll do

• Support the management and execution of an annual Social Engineering Testing programme for Global Businesses (GB), Global Functions (GF), and Regions (R), including both general and targeted simulations.
• Conduct reconnaissance of testing targets to select the appropriate testing approach and strategy.
• Ensure the programme meets regulatory expectations for periodically testing staff awareness of social engineering threats.
• Enhance staff awareness and education on security threats from social engineering attacks against HSBC.
• Consider potential threat actors and the available attack surface, such as physical access, emails, phone, and social media.
• Employ a risk-based approach to running social engineering tests and campaigns, covering phishing, phone, and digital attacks.
• Collaborate with stakeholders across the bank to support the execution of social engineering tests and address gaps with targeted remediation plans.
• Maintain detailed records of testing, remediation plans, and reports for audits and continuously improve the programme through knowledge exchange with cybersecurity peers.

What you need to have to succeed in this role

• Extensive experience in information security and/or IT risk management with a focus on security, performance, and reliability.
• Strong expertise in cloud technologies and integration with on-prem data centres, particularly Kubernetes and GCP.
• Senior experience owning and developing application and service architectures including the processes, infrastructure layers and application layers and how to integrate through SDLC build services such as CI and CD pipelines.
• Extensive experience with microservice architecture in Kubernetes
• Solid understanding of security protocols, cryptography, authentication, authorisation, and security.
• Good understanding of the foundation of SDLC and software delivery including DevOps and DevSecOps culture.
• Knowledge of Security Scanning tools and platforms including Nessus, Nessus IQ, Checkmarx, Netsparker, Aquasec (desirable but not essential).
• Knowledge of Vulnerability Scanning Capabilities (MAST, DAST, SAST, IAC, FOSS/SCA, Cloud, Infrastructure).

What we offer

• Competitive salary
• Annual performance-based bonus
• Additional bonuses for recognition awards
• Multisport card
• Private medical care
• Life insurance
• One-time reimbursement of home office set-up (up to 800 PLN).
• Corporate parties & events
• CSR initiatives
• Nursery discounts
• Financial support with trainings and education
• Social fund
• Flexible working hours 
• Free parking

If your CV meets our criteria, you should expect the following steps in the recruitment process:

• Online behavioural test 
• Telephone screen 
• Job interview with the hiring manager

We are looking to hire as soon as possible so don’t wait and apply now!

You'll achieve more when you join HSBC.