Cybersecurity SME | 6 to 12 years of Experience | Pune, Bengaluru & Mumbai Locations

Your role

Work closely with vendors, platform teams and subject matter experts (SME’s) where necessary in order to drive out architectural decisions, design statements and exceptions. 

• Take the lead on solving security challenges and issues where the problem scenario is not covered by a pattern, standard or existing strategy.
• Surface strategic and architectural decisions through the approved governance or oversight channels as defined by the bank’s operating model. 

• Where embedded within a project, act as a primary resource ensuring commitment to attend all appropriate calls and meetings in order to provide the level of support required. 
• Acts as a buffer between the speed of continuous integration and the need for strategic security and managing overall business and security risks

• Act as the first point of contact for IT Security questions and queries
• Participate in IT Security engagement activities (e.g. risk assessment and threat modelling sessions, security risk review etc.);
• Identify security risks as they arise, communicate it as appropriate and ensure relevant stakeholders are involved for the adequate mitigation or remediation
• Provide guidance to the teams and stakeholders of IT Security by referring to policies and standards
• Promote the adoption of security tooling in line with the development lifecycle and HSBC approved toolset;
• Identify and make recommendations geared at increasing teams’ velocity through self-sufficiency in terms of IT Security
• Educate teams in terms of their security capabilities
• Identify, engage and establish relationships with key stakeholders
• Assess Dev team IT Security profile, controls, and level of engagement
• Provide advice and guidance to relevant stakeholders about the IT Security engagement model improvement

Your profile

• Industry recognised Information Security and Cyber Security qualifications is essential e.g. CISSP, CISA, OSCP, GIAC GPEN, GIAC GMOB 
• Strong understanding of security industry trends, hot topics, commercial and vendor capability awareness 
• Strong understanding of the security threat landscape, awareness of major historical and recent vulnerabilities, awareness of security industry responses to significant threats 
• Strong understanding of Zero Trust security including detailed knowledge of concepts, industry whitepapers and practical implementations 
• Educated to degree level desirable but not essential 
• Experience supporting major programmes and other project based activities 
• Security Architecture or Security Solution Architecture experience 
• Experience in creating, reviewing and approving security designs
• Experience with collaboration and knowledge management tools such as SharePoint, Teams, Confluence and JIRA 
• Hands on experience in working with DevOps and Agile teams following a secure software development lifecycle. Should be able to provide hands on leadership in improving automation and incorporating security as part of the CI/CD pipeline.
• Good to have experience in application risk assessment, threat modelling.
• Work closely with delivery teams to develop and monitor security risk remediation programme activities and actions to ensure delivery within acceptable timelines
• Proficient in application security review of Web, Mobile (Android and iOS), and API etc.
• Ability to assess and identify any possible vulnerabilities in technology being developed prior to implementation
• Good at application Security Testing like SAST, DAST and MAST experienced in web application, API Security, and mobile application security testing in conformance to various industry standards like OWASP top 10, SANS top 25 etc.

What you will love about working here

· We recognize the significance of flexible work arrangements to provide support. Be it remote work, or flexible work hours, you will get an environment to maintain healthy work life balance.

· At the heart of our mission is your career growth. Our array of career growth programs and diverse professions are crafted to support you in exploring a world of opportunities.

· Equip yourself with valuable certifications in the latest technologies such as Generative AI.