Penetration Tester Expert

As a seasoned Penetration Tester at HSBC Technology Poland, you will leverage your expertise in penetration testing to support our Cyber Security efforts.

This is an exceptional opportunity to operate as part of a global/regional team within our Cybersecurity organization, providing subject matter expertise and assurance around security process, controls, standards, and regulatory requirements.

• Perform highly technical/analytical security assessments of custom mobile applications, widely understood infrastructure and networks, web services, and APIs.
• Collaborate closely with DevOps teams to ensure that security testing requirements are met and help automate repetitive tasks.
• Develop a deep understanding of business functionality and apply testing methodology as appropriate to technologies and risks.
• Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required.
• Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases, and test reports.
• Evaluate product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications.
• Assist with tracking, remediation, and risk acceptance for identified security vulnerabilities.
• Participate in planning, test execution, and vulnerability mitigation.
• Run evaluations of new security testing technologies and provide recommendations.
• Maintain awareness of security industry information sources and stay up-to-date on events, research, and developments.

• Subject matter expert in at least one penetration testing domain (e.g., infrastructure, apps, mobile).
• Minimum 5 years of prior demonstrable hands-on experience in penetration testing.
• Solid understanding of platform security models for iOS and Android platforms.
• Excellent understanding of platform-specific security risks, common vulnerabilities for mobile applications, and common risks in financial applications.
• Practical knowledge of penetration testing of widely understood infrastructure, web, and mobile technologies using manual and automated testing methods.
• Strong TCP/IP knowledge and understanding of security implications/issues.
• Proven programming/scripting skills.
• Ability to explain security functionality from first principles.
• Capacity to adapt and apply information to new scenarios and technologies.
• Strong understanding of applied use of cryptography in application development.

We offer a range of benefits and opportunities for growth and development:

• Training budget
• Private healthcare
• Flat structure
• International projects
• Multisport card
• Monthly remote work subsidy
• Psychological support
• Conferences
• PPK option
• Annual performance-based bonus
• Integration budget
• International environment
• Small teams
• Employee referral bonus
• Mentoring
• Workstation reimbursement
• Company share purchase plan
• Childcare support program
• Bike parking
• Playroom
• Shower
• Canteen
• Free coffee
• Free beverages
• Free parking
• In-house trainings
• In-house hack days
• No dress code
• Modern office
• Knowledge sharing
• Garden
• Massage chairs
• Kitchen