Security Consultant

Main Responsibilities and Key Deliverables:

• Provide security consultancy on specialist strategic topics
• Work closely with vendors, platform teams and subject matter experts (SMEs) where necessary in order to drive out architectural decisions, design statements and exceptions.
• Take the lead on solving security challenges and issues where the problem scenario is not covered by a pattern, standard or existing strategy.
• Surface strategic and architectural decisions through the approved governance or oversight channels as defined by the banks operating model.
• Where embedded within a project, act as a primary resource ensuring commitment to attend all appropriate calls and meetings in order to provide the level of support required.
• Acts as a buffer between the speed of continuous integration and the need for strategic security and managing overall business and security risks
• Act as the first point of contact for IT Security questions and queries
• Participate in IT Security engagement activities (e.g. risk assessment and threat modelling sessions, security risk review etc.);
• Identify security risks as they arise, communicate it as appropriate and ensure relevant stakeholders are involved for the adequate mitigation or remediation
• Provide guidance to the teams and stakeholders of IT Security by referring to policies and standards
• Promote the adoption of security tooling in line with the development lifecycle and HSBC approved toolset;
• Identify and make recommendations geared at increasing teams velocity through self-sufficiency in terms of IT Security
• Educate teams in terms of their security capabilities
• Identify, engage and establish relationships with key stakeholders
• Assess Dev team IT Security profile, controls, and level of engagement
• Provide advice and guidance to relevant stakeholders about the IT Security engagement model improvement

Technical Skills:

• Security Architecture or Security Solution Architecture experience
• Security solution design or security design document review and preparation
• Experience of cloud platforms (Azure, AWS and GCP) and experience in performing security review against applications deployed in cloud.
• Experience in container security, microservice security, API security and Kubernetes or other container orchestration products
• Have experience in application risk assessment, threat modelling
• Proficient in application security review of Web, Mobile and API.
• Ability to assess and identify any possible vulnerabilities/risks in technology being developed prior to implementation
• Experienced in web application, API Security, and mobile application security testing in conformance to various industry standards like OWASP top 10, SANS top 25 etc.
• Good to have knowledge on programming and scripting skills in languages like Java, JavaScript, Angular, Spring Boot etc.
• Good to have experience on app/API IAM/authentication/authorization products
• Strong understanding of the security threat landscape, awareness of major historical and recent vulnerabilities, awareness of security industry responses to significant threats
• Strong understanding of Zero Trust security including detailed knowledge of concepts, industry whitepapers and practical implementations
• Strong understanding of security industry trends, hot topics, commercial and vendor capability awareness
• Educated to degree level desirable but not essential