Job Description

The health and safety of our employees and candidates is very important to us. Due to the current situation related to the Novel Coronavirus (2019-nCoV), we’re leveraging our digital capabilities to ensure we can continue to recruit top talent at the HSBC Group.  As your application progresses, you may be asked to use one of our digital tools to help you through your recruitment journey.  If so, one of our Resourcing colleagues will explain how our video-interviewing technology will be used throughout the recruitment process and will be on hand to answer any questions you might have.   Some careers shine brighter than others.   If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.   HSBC is one of the largest banking and financial services organizations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realize their ambitions.   We are currently seeking an experienced professional to join our team in the role of Secure Development Lifecycle senior consultant – SAST/DAST/MAST/etc.   In this role you will: - Contribute to develop and adopt security utilities and tools that will enable development teams to operate more efficiently and securely - Be "hands on" with technology and to contribute to the design, development and support development teams with security recommendations and adoption of tools. - Contribute to process, procedures, and tool identification/development.   - Liaison with Developers, Project Managers to understand the working of an application, how effectively they are implemented and where security mechanisms are employed. - Liaise with key stakeholders and peer teams within Technology to ensure key data points, such as accurate inventory data, are both appropriately defined and delivered. - Train Development teams on Security tooling platforms - Oversight of changes in the risk profile through development of metrics and analysis of risks and controls - Support the team with activities such as quality reviews, audit requirements and service desk management - Strong understanding of general security concepts and principles and application specific security concepts and principles. - Strong understanding of Software Development Life Cycle (SDLC) with a focus on security. - Excellent understanding of platform-specific security risks, common vulnerabilities for web and mobile applications, microservices (REST, SOAP) architecture and their mitigations - Good understanding of security flaws in Java, J2EE, Objective C, Swift and Kotlin programming languages - Strong security understanding of common public cloud environment (including AWS, GCP, Azure, Alicloud) - Knowledge of Common Vulnerability Scoring System (CVSS) - Proficiency with industry tooling, for example: Tenable.io, Nessus, Checkmarx, Netsparker, Kryptowire, IriusRisk, Aqua, etc. - Knowledge on integration & automation of various security technologies including SAST, DAST, MAST, IAST, container security tools within DevOps tooling pipeline (Jenkins, GitHub, Chef, Ansible, Nexus, etc)   You’ll achieve more when you join HSBC. www.hsbc.com/careers   HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.   Issued by – HSBC Software Development India