Job Description:
Job Description
Main Responsibilities and Key Deliverables:???????
· Provide security consultancy on specialist strategic topics
· Work closely with vendors, platform teams and subject matter experts (SME’s) where necessary in order to drive out architectural decisions, design statements and exceptions.
· Take the lead on solving security challenges and issues where the problem scenario is not covered by a patte
, standard or existing strategy.· Surface strategic and architectural decisions through the approved gove
ance or oversight channels as defined by the bank’s operating model.· Where embedded within a project, act as a primary resource ensuring commitment to attend all appropriate calls and meetings in order to provide the level of support required.
· Acts as a buffer between the speed of continuous integration and the need for strategic security and managing overall business and security risks
· Act as the first point of contact for IT Security questions and queries
· Participate in IT Security engagement activities (e.g. risk assessment and threat modelling sessions, security risk review etc.);
· Identify security risks as they arise, communicate it as appropriate and ensure relevant stakeholders are involved for the adequate mitigation or remediation
· Provide guidance to the teams and stakeholders of IT Security by referring to policies and standards
· Promote the adoption of security tooling in line with the development lifecycle and HSBC approved toolset;
· Identify and make recommendations geared at increasing teams’ velocity through self-sufficiency in terms of IT Security
· Educate teams in terms of their security capabilities
· Identify, engage and establish relationships with key stakeholders
· Assess Dev team IT Security profile, controls, and level of engagement
· Provide advice and guidance to relevant stakeholders about the IT Security engagement model improvement
Knowledge / Experience:
· Industry recognised Information Security and Cyber Security qualifications is essential e.g. CISSP, CISA, OSCP, GIAC GPEN, GIAC GMOB
· Strong understanding of security industry trends, hot topics, commercial and vendor capability awareness
· Strong understanding of the security threat landscape, awareness of major historical and recent vulnerabilities, awareness of security industry responses to significant threats
· Strong understanding of Zero Trust security including detailed knowledge of concepts, industry whitepapers and practical implementations
· Educated to degree level desirable but not essential
· Experience supporting major programmes and other project based activities
· Security Architecture or Security Solution Architecture experience
· Experience in creating, reviewing and approving security designs
· Consistently display positive leadership behaviours related to the management and mitigation of risk, including notification and escalation of any conce
s and ensuring timely action in relation to points raised by audit, 2LoD and exte
al regulators.· Experience with collaboration and knowledge management tools such as SharePoint, Teams, Confluence and JIRA
· Hands on experience in working with DevOps and Agile teams following a secure software development lifecycle. Should be able to provide hands on leadership in improving automation and incorporating security as part of the CI/CD pipeline.
· Good to have experience in application risk assessment, threat modelling
· Work closely with delivery teams to develop and monitor security risk remediation programme activities and actions to ensure delivery within acceptable timelines
Technical skillset:
· Proficient in application security review of Web, Mobile (Android and iOS), and API etc.
· Ability to assess and identify any possible vulnerabilities in technology being developed prior to implementation
· Good at application Security Testing like SAST, DAST and MAST experienced in web application, API Security, and mobile application security testing in conformance to various industry standards like OWASP top 10, SANS top 25 etc.
· Good to have knowledge on programming and scripting skills in languages like Java, JavaScript, Angular, Spring Boot, Kotlin, and Swift etc.
· Knowledge of tools like Burp Suite, Postman, SoapUI, Checkmarx, Netsparker, Nexus IQ, Kryptowire etc. to perform the security testing and analysing the scanned report
· Strong grasp of application security tooling, and experience of driving automation within the delivery environment
Non-technical skills:
· Excellent communication skills are mandatory. The role demands a great deal of interaction with various global teams and clarity in thought and word is needed on a daily basis.
· Strong ability to prioritize tasks and ability to deliver a portfolio of testing assignments.
· Strong decision making skills and the ability to act independently without much direction
· Strong inter-personal and mentoring skills. A demonstrated ability of mentoring junior members in the team would be an asset.
· Strong ability to translate between business talk and technical details is a must. The role requires interaction with non-technical business staff.
Purview is a leading Digital Cloud & Data Engineering company headquartered in Edinburgh, United Kingdom having a presence in 14 countries India (Hyderabad, Bangalore, Chennai and Pune), Poland, Germany, Finland, Netherlands, Ireland, USA, UAE, Oman, Singapore, Hong Kong, Malaysia and Australia.
We have a strong presence in UK, Europe and APEC, providing services to Captive Clients (HSBC, NatWest, Northern Trust, IDFC First Bank, Nordia Bank etc) in fully managed solutions and co-managed capacity models. Also, we support various top IT tier 1 organisations (Capgemini, Deloitte, Wipro, Virtusa, L&T, CoForge, TechM and more) to deliver solutions and workforce/resources.
Company Info:
3rd Floor, Sonthalia Mind Space
Near Westin Hotel, Gafoor Nagar
Hitechcity, Hyderabad
Phone: +91 40 48549120 / +91 8790177967
Gyleview House, 3 Redheughs Rigg,
South Gyle, Edinburgh, EH12 9DQ.
Phone: +44 7590230910