sharing the costs of sports activities
(Cybersecurity) Penetration Testing Team Lead
HSBC Service Delivery (Polska) Sp. z o.o.
- Kapelanka 42a, Kraków, Lesser Poland
- Valid for 3 days, until: 16 Jun 2021
- Remote recruitment
- Remote work
- contract of employment
- manager / supervisor
About the project
This job role is responsible for providing subject matter expertise in Penetration Testing to support wider Cyber Security efforts and organization. The successful candidate will operate as part of a global/regional team within the Cybersecurity organization to provide expertise, oversight and assurance around security process, controls, standards and regulatory requirements.
Perform highly technical/analytical security assessments of custom mobile applications, widely understood infrastructure and networks, web services and APIs. This covers manual penetration testing, source code and configuration review
Clearly and professionally document root cause and risk analysis of all findings
Adhere to the security testing process and raise any gaps or opportunities for improvement with manager
Work closely with the DevOps teams to ensure that the security testing requirements are met and help automate repetitive tasks
Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks
Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required
Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports
Advise on vulnerability remediation, control implementation and secure development practices
Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications
Assist with tracking, remediation, and risk acceptance for identified security vulnerabilities
Assist in planning, test execution and vulnerability mitigation
Ensure that company security policies are implemented, enforced, and enhanced when appropriate
Participate in team discussions to formulate new or enhance existing processes and standards
Assist in security incident response activities
Adhere strictly to compliance and operational risk controls in accordance with company and regulatory standards, policies and practices; report control weaknesses, compliance breaches and operational loss events
Run evaluations of new security testing technologies and provide recommendations
Monitor security industry information sources and keep abreast of events, research, and developments.
Identify opportunities to improve our processes, quality of the work and efficiencies
Mentor junior team members
Strong understanding of software development lifecycles especially DevOps
Experience with dynamic and static application security testing and associated tools
Experience with performing security code reviews for Java, Objective-C, Swift and Kotlin programming languages
Strong initiative, consensus-building and ability to collaborate directly with a variety of clients (business, development, compliance, etc.)
Experience with mobile security testing frameworks such as OWASP MASVS, OWASP MSTG
Knowledge of enterprise application design & common security issues associated with it
Advanced knowledge of common security analysis tools and testing techniques especially for the mobile security space
Hands-on experience with SAST, DAST, IAST tools and ways to supplement their limitations
Knowledge of security verification of mechanisms & technologies such as SSL, Pinning, Biometric Authentication, Out of Band Authentication, JWT, SAML, RASP, OAuth2 etc.
Prior software programming and development experience especially of iOS & Android platforms is a plus
Prior programming experience with Java, Kotlin, Objective-C & Swift programming languages would be a plus
Prior experience with security testing or secure application development for a large enterprise would be a plus
Prior experience with cloud-hosted applications & services would be a plus.
Experience in reverse engineering or disassembly considered a plus
Professional certifications, but any relevant certification is a bonus
What we offer
Stable job in professional team,
Interesting path of career in an international organization,
Consistent scope of responsibilities,
Private health care, employees’ benefits.
private medical care
sharing the costs of foreign language classes
sharing the costs of professional training & courses
remote work opportunities
flexible working time
corporate sports team
doctor’s duty hours in the office
retirement pension plan
no dress code
video games at work
coffee / tea
parking space for employees
extra social benefits
employee referral program
opportunity to obtain permits and licenses
HSBC Service Delivery (Polska) Sp. z o.o.
HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 64 countries and territories.
HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.
Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.