Perform highly technical/analytical security assessments of custom mobile applications, widely understood infrastructure and networks, web services and APIs. This covers manual penetration testing, source code and configuration review.
Clearly and professionally document root cause and risk analysis of all findings
Should know how to jailbreak and bypass root detection and use tools like, MobSf, JDGUI, Kali Linux, GenY Motion, Frida, etc.
Adhere to the security testing process and raise any gaps or opportunities for improvement with manager.
Work closely with the DevOps teams to ensure that the security testing requirements are met and help automate repetitive tasks.
Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks.
Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required.
Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports.
Advise on vulnerability remediation, control implementation and secure development practices.
Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications.
Assist with tracking, remediation, and risk acceptance for identified security vulnerabilities.
Assist in planning, test execution and vulnerability mitigation.
Assist in security incident response activities.
Run evaluations of new security testing technologies and provide recommendations.
Monitor security industry information sources and keep abreast of events, research, and developments.
Identify opportunities to improve our processes, quality of the work and efficiencies.
Minimum 12+ years of experience in IT.
Maintain a wide breadth of penetration testing and/or leadership management skills to a significant degree of depth.
Understand the business context/significance of technical penetration testing findings.
Consistently output superior quality of deliverables.
Poses an entrepreneurial attitude to excel in loosely defined scenarios.
Ability to work independently or lead any size team of penetration testers.
Superior time management skills and self-discipline.
Be subject matter expert in at least 2 of penetration testing domains (i.e. infrastructure/apps/mobile).
Demonstrated ability to solve complex technical problems.
At least 5 years of prior demonstrable hands-on experience in penetration testing.
Solid understanding of the platform security models for iOS and Android platforms.
Excellent understanding of platform-specific security risks, common vulnerabilities for mobile applications, common risks in financial applications.
Practical knowledge of penetration testing of widely understood infrastructure, web and mobile technologies, using manual and automated testing methods.
Excellent TCP/IP knowledge and understanding of security implications/issues.
Strong web application testing experience.
Proven programming/scripting skills.
Ability to explain security functionality from first principles.
Ability to adapt and apply information to new scenarios and technologies.
Strong understanding of applied use of cryptography in application development.
HSBCAL/GZ*
About HSBC Technology China