北京招聘

Role Title: Cyber Security Specialist

Description

As a Cyber Security specialist, you will be part of our Agile cross functional teams, as an embedded Security expert. Within the team you will play a critical role, introducing and promoting Security best practise right from the software design phase.

We are committed to an environment of Continuous Deployment and Integration and our Cyber Security specialists identify and challenge security risks and issues throughout the process. The right candidate will have a proven background in IT security within modern Agile cloud based architecture and development environments.

The successful candidate will be a critical link between the IT Security and DevOps team, closely managing the rate of deployment against strategic security and business risks. You will be providing expertise and undertaking risk assessments on numerous sprints/projects, prioritising and managing multiple projects at any one time. You will work with the wider IT security team and engage their knowledge where appropriate.

Key Accountabilities

· Provide guidance and help to IT delivery teams in regards to security solutions to enable faster delivery of IT Systems

· Collaborating with IT development teams and other HSBC teams working closely in a DevOps and agile development process. Support the Secure SDLC ensuring developers are coding in-line with security standards, practices and industry best-practice

· Interface between the development teams and relevant IT Security teams

· Integrate into the development process, attending scrums and owning security use cases and stories

· Advise appropriate teams (IT Security/IT Risk) on residual risk on completion of projects

· Supporting initial risk assessment process and providing consultancy and guidance

· Responsible for undertaking application security risk assessments as part of development projects. This entails using a threat modeling methodology to identify threats which could affect the Confidentiality, Integrity and Availability of the data and components in scope.

· Own driving the remediation of security issues (defects), or supporting other risk treatment methods as needed (e.g. risk acceptance)

· Providing support for automated application security tooling working with IT Security as necessary

· Work as a Global team and collaborate with IT Security colleagues in other regions when undertaking security risk assessments to share knowledge and working practices

· Challenge and create new ways to meet security controls which are more effective in dev ops and agile working.

· Interpret and advise on the results from security testing to both technical and non-technical audiences

· Delivering the right customer outcomes for the product/service provided related to

o Succesful/Failed/frequency of releases

o Shortest possible time from Idea to Live

o Number of incidences caused by Change and the mean time to recover from incidents,

· Providing support and expertise across multiple DevOps teams

· Maintain Platform stability

· Ensure defects in Dev are minimal and controlled

· Overseeing effectiveness of controls to ensure compliance with HSBC Information Security policies and standards.

Qualifications and experience

· Strong experience within IT and in particular proven IT Security and/or IT audit or controls experience

· Experience working in a DevOps or Agile environment

· Experience of IT architecture and how it fits together to deliver an enterprise IT System.

· Role relevant qualifications, i.e. professional certifications in Information Security (CRISC, CISSP, CISA) is desirable but not essential

· Strong grasp of tooling, driving automation within the environment

· Strong interpersonal skills and ability to build and maintain relationships

· Good communication skills, self-motivated and adaptive to change

· Monitor complex dependencies and respond accordingly to ensure on-going delivery in line with customers goals.

华钦科技集团公司
华钦科技（纳斯达克股票代码：CLPS）成立于2005年，总部位于中国香港，是一家专注于银行、保险和金融领域的全球领先的信息技术（“IT”）咨询和解决方案服务提供商。
十多年来，华钦科技已将服务网络扩展至全球金融行业的客户，包括来自美国、欧洲、澳大利亚和中国香港的大型金融机构及其设在中国大陆的IT中心。华钦科技目前拥有技术人才超三千名，有19所交付和研发中心来服务于不同地区的客户，中国大陆的交付和研发中心位于上海、北京、大连、天津、保定、西安、成都、广州、深圳、杭州和海南，国际交付和研发中心分别位于中国香港、美国、英国、日本、新加坡、马来西亚、澳大利亚和印度。
华钦科技将现场支持咨询与可扩展的离岸服务相结合，以低成本的方式快速满足客户的需求，同时保留了业务灵活性，通过提供一站式金融解决方案，满足客户对于人才创造和发展的需求，打造出独特的市场优势。
华钦科技为客户提供全方位的金融技术服务和解决方案，在信用卡、银行核心系统、网上银行等金融科技领域的经验尤为丰富，所拥有的信用卡产品（Vision Plus）技术团队、IBM大型机技术培训及实施团队在国内同行中是最具规模的团队之一。
华钦科技通过ISO9001（金融业软件开发和设计）、ISO14001、ISO27001、CMMI 5认证，获“双软”企业、高新技术企业、科技小巨人培育企业、上海市服务外包重点企业、上海服务外包人才实训基地等认证。
华钦科技秉承“以人为本、坦诚勤奋、认真负责”的团队精神，尤为重视IT人才的发掘和培养。公司实施成熟的培训计划，包括技术领域、管理领域、英文口语、职业规划等方面培训课程，帮助员工快速融入到项目中，在实际项目中也不间断提供给员工出国学习和国外项目实施的机会，提升员工自身能力，增加公司竞争力。

CLPS Incorporation
Headquartered in Hong Kong SAR, CLPS is a NASDAQ-listed (Nasdaq: CLPS) and global information technology, consulting and solutions service provider focused on delivering services to global institutions in banking, insurance and the financial sectors, both in China and globally.
For more than ten years as an IT, business know-how and talent solutions provider for such clients, CLPS has expanded its service network to clients in the global financial industry, including large financial institutions from the US, Europe, Australia and Hong Kong and their PRC-based IT centers. We have more than 3,000 employees and maintain 19 delivery and R&D centers, of which eleven are located in mainland China and eight globally, to serve different customers in various geographic locations.
By combining onsite and onshore support and consulting with scalable and high-efficiency offsite and offshore services and processing, we are able to meet client demands in a cost-effective manner while retaining significant operational flexibility. CLPS has created and developed a particular market niche by providing turn-key financial solutions as well as supplying its clients’ needs for talent creation and development.
CLPS is dedicated to providing a full range of services and solutions across technology needs in finance. In recent years, we have both one of the largest IBM mainframe teams, and the largest VisionPLUS team in China, providing both development and implementation of core banking, credit card, online and e-commerce systems, as well as expertise across technology stacks.
We are ISO9001, ISO14001, ISO27001 and CMMI 5 certified, and have been granted certificates of recognition by the Shanghai government, including Enterprise Software Certification, High-tech Enterprise, Little Giant Company for Science and Technology and Professional Talent Development Training Camp.
We strive to foster a spirit of openness, diligence, sense of responsibility and a people-oriented attitude. Our growth is created by our people, creating a win not just for clients, but a win-win for clients and us all, through training and opportunities for development at every stage in our staffs’ career - new and deeper insight to technologies, business, management, language, university cooperation, certification and international opportunities.