    Principal Penetration Tester

    HSBC Service Delivery
    Kraków
    • Type of work: Full-time
    • Experience: Senior
    • Employment type: Permanent
    • Operating mode: Hybrid

    Tech stack

    • Testing: advanced
    • English: advanced
    • HTML: nice to have
    • JavaScript: nice to have
    • JSON: nice to have

    Job description

    Some careers shine brighter than others.

    If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.



    Your career opportunity

    The Principal Penetration Tester is responsible for providing subject matter expertise in penetration testing to support the wider Cyber Security efforts and organization. The successful candidate will operate as part of a global/regional team within the Cybersecurity organization to provide expertise, oversight and assurance around security process, controls, standards and regulatory requirements.


    What you’ll do 


    • Perform highly technical/analytical security assessments of custom mobile applications, widely understood infrastructure and networks, web services and APIs. This covers manual penetration testing, source code and configuration review. 
    • Clearly and professionally document root cause and risk analysis of all findings 
    • Adhere to the security testing process and raise any gaps or opportunities for improvement with your manager.
    • Work closely with the DevOps teams to ensure that the security testing requirements are met and help automate repetitive tasks. 
    • Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks 
    • Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required. 
    • Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports. 
    • Advise on vulnerability remediation, control implementation and secure development practices.



    What you need to have to succeed in this role 

    • Solid hands-on experience in penetration testing and senior overall experience in the IT industry
    • Solid understanding of the platform security models for iOS and Android platforms
    • Ability to think critically, clearly articulate identified issues and their consequences, and comfortably hold a conversation on cyber security aspects with both technical and non-technical audiences.
    • Strong written and verbal communication skills in English, which is used for all formal communication.
    • Maintain a wide breadth of penetration testing and/or leadership management skills to a significant degree of depth.
    • Understand the business context/significance of technical penetration testing findings. 
    • Consistently output superior quality of deliverables. 
    • Possess an entrepreneurial attitude to excel in loosely defined scenarios.


    Nice to have:

    • Strong grasp of technologies, protocols and architectures commonly used by mobile applications (HTML, XML, JavaScript, JSON, REST, micro-services, etc.).
    • Strong understanding of software development lifecycles, especially DevOps
    • Experience with dynamic and static application security testing and associated tools. 
    • Experience with performing security code reviews for Java, Objective-C, Swift and Kotlin programming languages.



    What we offer

    • Competitive salary
    • Annual performance-based bonus
    • Additional bonuses for recognition awards
    • Multisport card
    • Private medical care
    • Life insurance
    • One-time reimbursement of home office set-up (up to 800 PLN).
    • Corporate parties & events
    • CSR initiatives
    • Financial support with training and education
    • Nursery discounts
    • Social fund
    • Flexible working hours 
    • Free parking




    If your CV meets our criteria, you should expect the following steps in the recruitment process:


    • Online behavioural test
    • Telephone screen
    • Job interview with the hiring manager



    We are looking to hire as soon as possible so don’t wait and apply now!

    You'll achieve more when you join HSBC.