Principal Security Researcher

If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential - whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

We are currently seeking an experienced professional to join our team in the role of Principal Security Researcher.

The Security Research team, within the Global Offensive Security function, provides a specialist approach to assessing the security of systems and technology, identifying previously unknown vulnerabilities and new attack techniques.

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

In this role you will:

• Deliver security research projects focused on HSBC critical services, ensuring that design, quality and implementation of controls do not expose the bank to a significant level of risk.
• Identify previously unknown vulnerabilities and new attack techniques.
• Work with key stakeholders to proactively drive the reduction in Cybersecurity risks and improve the security risk posture of HSBC within the business risk appetite.
• Provide subject matter expertise and guidance to a broad range of stakeholders across global business and functions.
• Engage with relevant programmes that are critical to the bank.
• Understand the financial services industry security and threat landscape.
• Engage with a diverse set of stakeholders to achieve OffSec objectives, including Business and Functions, Cybersecurity leads, Head of Cybersecurity functions and Control Owners.
• Achieve excellence by driving performance, compliance and security.
• Develop tools and automation of processes to enhance security assessment.
• Present strong teamwork attitude with the global OffSec as well as all Global Businesses and Functions.
• Establish and maintain productive relationships across the bank in the client facing role.
• Identify new project opportunities and demonstrate innovative thinking.
• Analyse and interpret the evolving security threat landscape.
• Use innovation in security to address the needs of customers and stakeholders.

To be successful in this role you should meet the following requirements:

• Demonstrated experience in penetration testing
• 0-day discovery and vulnerability disclosure experience
• Understanding of analysis of common operating system, such as Linux, Windows, Google Android and iOS.
• Demonstrated experience in third party vulnerability disclosure
• Demonstrated experience in black box software security review techniques, including ‘fuzzing’ and reverse engineering
• Leadership skills and the ability to manage stakeholders and staff.

This role is based in Sheffield.