Red Team Senior Analyst, Cybersecurity Assurance & Testing

This job has now expired please search on the home page to find live IT Jobs.

Some careers grow faster than others.

If you're looking for a career that will give you plenty of opportunities to develop, join HSBC and your future will be rich with potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

The IT Security team at HSBC are engaged to transform the way information security is accomplished at the bank and we are set to enable the business to do more, as securely as we want, or need to be. In short, in line with the Bank's strategy, we are to be Simpler, Better, Faster and of course - More Secure.

To achieve this we have many exciting challenges ahead and are looking for people with a real passion for what they would like to do. Working with some of the best technology talent we are searching for technologists and enablers that will help support us on this journey.

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

We are currently seeking an experienced individual to join this team in the role of Red Team Senior Analyst.

This job role is responsible for operating as part of a global team within the Cybersecurity organisation, to analyse and execute activities around Cybersecurity process, controls, standards and regulatory requirements.

The role will carry out some or all of the following activities:

* Ensure adherence to the three lines of defence organisational model with clear lines of responsibility, accountability and segregation of duties

* Ensure compliance with internal audit and external regulators that any organisational changes are fit for purpose and meet their expectations

* Analyse and execute activities to ensure compliance with HSBC Cybersecurity policies and standards

* Lead, design, execute intelligence-led Red Team operations utilising tactics, techniques and procedures (TTP's) which are aimed at achieving specific objectives set out at the start of the engagement

* Act as a role model to more junior members of the team

* Engagement with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues

* Expand their skills, knowledge and experience to enhance the overall capability of the function

The Red Team Senior Analyst is part of a global Cybersecurity team delivering Red Team assessments. The role will be required to perform hands on offensive activities as part of red team engagements against critical HSBC assets. This is an exciting role as the successful candidate will be exposed to the latest advanced industry technologies used to protect an organisation from external and internal threats.

The candidate will relish technical challenges and have an appetite for continuous learning and application of knowledge to achieve robust and effective assessments. In addition, the candidate must be able to demonstrate in-depth knowledge and experience around computer networking fundamentals, modern threats and vulnerabilities, attack methodologies and penetration testing tools.

The successful candidate will have a proven track record in conducting advanced network exploitation based engagements, application penetration tests and Red Team assessments.

To be successful in this role, the candidate should have expertise and strong experience in at least two of the following areas:

* Network based penetration testing.

* Application (web, mobile, etc.) penetration testing.

* Social engineering (email phishing, phone, physical, etc.)

* Red Team operations.

You will need to meet the following requirements:

* A solid understanding of networking fundamentals (all OSI layers, protocols, etc.)

* An understanding of Windows/Linux/UNIX operating systems

* Experience of operating system and software vulnerabilities and exploitation techniques

* An understanding of web application vulnerabilities and exploitation techniques, covering the OWASP Top 10 as a minimum

* Knowledge of and experience with commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Burp Suite, Cobalt Strike, Metasploit, Nessus, Nmap, etc.)

* Ability to deliver high quality reporting on technical issues identified and providing remediation guidelines

* Familiarity with interpreting log output from networking devices, operating systems and infrastructure services

* Excellent written and verbal communication skills

* CREST Certified Tester (Application/Infrastructure) certifications or SANS (GPEN, GXPN, GWAPT) or Offensive Security (OSCP, OSCE) or other equivalent qualifications strongly desired.

The base location for this role is Sheffield

You'll achieve more when you join HSBC.

At HSBC we look to enable our employees to better balance their work / life priorities and have the flexibility required to meet challenging needs as they progress through different life stages. Where possible we will consider the following flexible working options: part-time working, job sharing, term-time working, and working from home and staggered hours. If in considering a role with HSBC you have a need for some flexibility in your working arrangements please discuss this with the recruitment team in the early stages of the application process.

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.