The Cybersecurity Technology team is responsible for identifying, developing, and deploying global cybersecurity controls and solutions at HSBC across all bank entities, Global Businesses (GB), and Global Functions (GF), and is under the management of the Cybersecurity CTO. This team includes dedicated functions for Vulnerability Management (VM) Engineering. Critical to the success of this team are their close partnerships with sister Cybersecurity teams, IT Infrastructure Delivery and Global Business and Function clients. The overall Cybersecurity Technology mission is placed under the purview of the Group Chief Information Security Officer (CISO).
The function of the Senior Python Developer will be to design and build software in support of the Vulnerability Management mission and, in other cases, work to integrate commercial off-the-shelf (COTS) solutions into existing workflows and systems. The ability to turn requirements into reality using a strong scripting/programming/integrations background will be required. Additionally, familiarity with Cybersecurity concepts, tooling, and processes (including an understanding of the typical vulnerability management lifecycle) will make this candidate successful. Finally, the role will also be expected to guide, assist, and mentor junior members of the team while assisting in the setting of deadlines, expectation setting, and defining objectives.
As a Senior Python Developer, we expect that you'd be comfortable answering the below questions:
* Can you take a complex problem and break it down to workable pieces, in order to code a solution?
* Can you deploy and build servers and applications in isolated environments?
* Can you automate the installation of software from the command line (Bash)?
* Can you automate the pulling and putting of data from / to an API?
* Can you integrate with the SDLC (Git, Jenkins, JIRA)?
* Can you create clear and useful documentation (Confluence / Sharepoint)?
* Can you design a secure system?
* Can you parse and process different data formats (XML, JSON, etc.)?
* Can you create a resilient and scalable solution?
* Can you explain the different factors of a CVSS score?
* It is expected that this role will require some travel to meet with team members in different regions on occasion.
Impact on the Business/Function
* Supports the development of the Global Cybersecurity Technology function, engaging with colleagues across Cybersecurity and other IT functions to drive and deliver sustainable operational plans in line with department strategy.
* Leads and facilitates change through clear strategy, operational planning and effective communication and stakeholder management.
* Drives business performance, clear thinking and utilises experience whilst under pressure.
* Delivers sustainable business outcomes.
* Responsible for building effective technology and process control capability that is continuously re-factoring to meet evolving security and compliance needs.
* Works closely with peers and business leads to build and implement controls in alignment with risk-posture, architectural constraints, company strategic direction and industry trends and best practices.
* Drives delivery of the highest standards and outcomes, inspiring others to do the same. Focuses on medium and long term goals even when under pressure or facing uncertainty. Manages expectations, results and impact of agreed outcomes, thinking ahead to identify and overcome potential issues.
* Strategically drives innovation to gain competitive advantage, taking calculated, entrepreneurial risks to achieve business outcomes. Generates an environment in which innovation is seamlessly embedded into working practices.
Customers / Stakeholders
* Leads a customer-focused and collaborative culture by championing customer and stakeholder engagement throughout the team.
* Demonstrates an understanding of customer and stakeholder requirements by providing specialist input and knowledge and having a detailed understanding of the different short and long term shifts in business/function patterns of activity and demand.
* Understands and interprets developments and changes in future business requirements and ensures the appropriate reaction and response through discourse and the implementation of relevant, security focused, technical and procedural solutions.
* Strengthens stakeholder relationships and enhances key relationships using rapport-building expertise and appropriate influencing skills to add and increase stakeholder advocacy. Key relationships to include Functional heads across the other HOST functions and external account managers for third party suppliers and vendors, along with other regional counterparts across the globe. Cultivates strong relationships with organisationally important global and/or high value stakeholders with a tailored approach.
Leadership & Teamwork
* Supports the development of the Cybersecurity Technology teams, making sustainable decisions that protect and enhance HSBC's values, reputation and stakeholder value.
* Actively encourages a learning culture, encouraging collaboration and cross-functional working to develop and nurture teams and identify talent.
* Authentically engages a diverse group of stakeholders internally and externally to influence the achievement of best outcomes for all stakeholders.
* Builds rapport and mutual understanding to communicate and create opportunities for cross-business and/or international working, encouraging debate and open discussion. Encourages people to build sustainable relationships beyond transactional levels and use empathy and insight to build better understanding of mutual benefits.
* Advanced coach / mentor who contributes to the establishment of good coaching and mentoring practices. Demonstrates alternative techniques for diagnosing and coaching individuals and teams.
Operational Effectiveness & Control
* Governs risk responsibly. Promotes ethical management of risk across regions and business areas within their area of responsibility.
* Communicates changes in policy and governance effectively, reinforcing risk processes within their area of responsibility.
* Builds and sustains a risk aware culture. Shows integrity whilst promoting and managing relevant monitoring and reporting requirements within their area of responsibility.
* Embeds efficient risk and compliance processes and procedures into business as usual practices.
* Builds collaborative relationships, defines and articulates to stakeholders the targeted benefits for a change intervention.
* Demonstrates effective financial skills to develop a detailed business case, including investments, detailed benefits (financial, non-financial and strategic) and link to overall finances of the business.
* Identifies and highlights financial implications of risks/issues, involves stakeholders and supports management of budget variation as appropriate.
Management of Risk
* The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
* The jobholder will also continually reassess the IT Security and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
* This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring, and by addressing any areas of concern in conjunction with entity management and/or the appropriate department.
Observation of Internal Controls
* Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
* The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified IT security risks.
* The jobholder will implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term 'compliance' embraces all relevant financial services laws, rules and codes with which the business has to comply.
* This will be achieved by adhering to all relevant processes/procedures and by liaising with compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources
* Relationships - Key relationships include other Cybersecurity Service Lines, ITID, ADM and HOST and extend to peers across regions, other GB/GF and Security Function heads and generally up to 2 levels higher in the organisation, as well as audit, regulators and key government agencies and security forums. Will also include external relationships with vendors, acting as a subject matter expert.
* Regulatory & Risk Management - Working closely with Cybersecurity Functions and peers across the HOST function to deliver sustainable results, build strong relationships with internal and external stakeholders (risk, audit, government agencies, industry forums etc.) to understand the IT/Information Security risk profile, monitor compliance with policies and standards and identify and address any regional or country specific requirements.
* Strategic input - Providing influence and input to ensure alignment between Cybersecurity and GB/GF strategic outcomes and business goals. Uses extensive technical knowledge and experience to solve complex problems and propose implementable solutions, to deliver ongoing improvements in line with business strategy.
* Technology - The role holder will have exceptional knowledge of their technical environment and will have significant influence in setting the way forward in the types of technology they utilise. Forward thinking, making the right decisions based on strategy.
Expected Technical Skills
* Programming Skills (Python, Bash)
* Ability to interact with RESTful APIs and perform CRUD operations
* Networking skills (TCP/IP, Subnetting, Firewalls, etc)
* Experience with Test Driven Development (TDD)
* System Admin skills (Configuring / managing servers, mainly in Linux)
* Debugging skills (Stack traces, log files, and other system outputs)
* Any flavor SQL (MySQL, DB2, Oracle, etc)
* Automation and Orchestration driven mindset
* Excellent verbal and written communication skills
* Ability to work in and define a fast-paced and team-focused environment
* Proven record of delivering and completing assigned projects and initiatives
* Mentoring junior engineers
* Ability to deploy large scale solutions to an enterprise estate
* Coordination with support, operations, and customers to create product in line with goals
* Be comfortable working in an enterprise environment
Nice to Have Skills
* Familiarity with Tenable.io / Nessus / Security Center (or similar Vulnerability Scanning products)
* Configure and use a cloud environment for development on the major platforms (AWS, GCP, and Azure)
* Vulnerability Scanning / Pen Testing / Red or Blue Teaming Background
* Vulnerability Consolidation (Kenna, InsightVM, MetricStream, Archer, NetSpi Resolve, other)
* SAST / DAST (Fortify, IBM AppScan, etc)
* Governance, Risk & Compliance experience
* Patch Management
* Endpoint Security
* Machine Learning / Artificial Intelligence
Industry Experience and Qualifications
* Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:
* 5 years of Python development experience, preferably in a team setting.
* 10 years working in Software Development or equivalent role
* Formal education and advanced degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same.