HSBC Service Delivery (Polska) Sp. z o.o.

HSBC Service Delivery (Polska) Sp. z o.o.

(Cybersecurity) Cybersecurity Senior Security Researcher

Offer parameters
Kraków, Lesser Poland (Poland)
Kapelanka 42a
Набір відкритий для українців
Recruitment open to Ukrainians

Technologies we use



Operating system


About the project

In a rapidly changing technology landscape, security research and offensive security are important components in positioning HSBC to better protect itself and to manage risk more effectively. This is accomplished by analysing the most critical areas across the bank, simulating real-world attacks, performing regular penetration testing and innovating approaches to find vulnerabilities, that can materially drive a more thorough understanding of cybersecurity attacks and a proactive approach to enhance the security posture of the bank.
The role holder will be responsible for leading, managing and delivering CROS security research projects, on a wide range of technologies to ensure that HSBC is well positioned against a variety of Cybersecurity related advanced attack scenarios.

Your responsibilities

  • Deliver security research projects focused on HSBC critical services and projects to ensure that design, quality and implementation of controls do not expose the bank to a significant level of risk.
  • Achieve excellence by driving performance, compliance and security.
  • Identifying previously unknown vulnerabilities and new attack techniques.
  • Develop tools and automation of processes to enhance security assessment.
  • Work with key stakeholders to proactively drive the reduction in Cybersecurity risks and to improve the security risk posture of HSBC within the business risk appetite.
  • Provide subject matter expertise and guidance to a broad range of stakeholders across global business and functions.
  • Engage with relevant programmes that are critical to the bank.
  • Understand the financial services industry security and threat landscape.
  • Engage with a diverse set of stakeholders in order to achieve CROS objectives, including Business and Functions, Cybersecurity leads, Head of Cybersecurity functions and Control Owners.
  • Engage with specialist technology functions such as, Cybersecurity Technology, Cybersecurity Operations and Security Architecture.
  • Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
  • The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified Cybersecurity risks.
  • The jobholder will implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.
  • This will be achieved by adhering to all relevant processes/procedures and by liaising with compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources.
  • The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
  • The jobholder will also continually reassess the Cybersecurity and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
  • This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with entity management and/or the appropriate department.

Our requirements

  • Education to degree level or above (Desirable) or relevant work experience
  • 0-day discovery and vulnerability disclosure
  • Exploit development
  • Mobile security
  • System architecture
  • Software development
  • Source code review
  • Hardware hacking
  • Wireless technology
  • Reverse Engineering
  • Penetration testing
  • English - Fluent written and spoken
  • Proven written and verbal communication skills
  • Ability to develop clear business impact and justification to drive investment in team capabilities
  • Demonstrable experience in vulnerability identification and exploitation.
  • Participation in the Cyber Security industry.
  • Demonstrated experience in network security.
  • Demonstrated experience in embedded systems & hardware hacking.
  • Understanding of analysis of mobile technologies.
  • Understanding of analysis of common operating system, such as Linux, Windows, Google Android and iOS.
  • Demonstrated experience in third party vulnerability disclosure.
  • Demonstrated experience in software development.
  • Demonstrable experience in tooling, automation and prototyping.
  • Demonstrated experience in source code review.
  • Demonstrated experience in penetration testing.
  • Demonstrated experience in black box software security review techniques, including ‘fuzzing’ and reverse engineering.

What we offer

  • Stable job in professional team,
  • Interesting path of career in an international organization,
  • Consistent scope of responsibilities,
  • Private health care, employees’ benefits.


  • sharing the costs of sports activities
  • private medical care
  • sharing the costs of foreign language classes
  • sharing the costs of professional training & courses
  • life insurance
  • remote work opportunities
  • flexible working time
  • integration events
  • corporate sports team
  • doctor’s duty hours in the office
  • retirement pension plan
  • corporate library
  • no dress code
  • video games at work
  • coffee / tea
  • parking space for employees
  • leisure zone
  • extra social benefits
  • employee referral program
  • opportunity to obtain permits and licenses
  • charity initiatives
  • family picnics
  • extra leave

Recruitment stages

  • 1.
    Phone interview
  • 2.
    Online assessment
  • 3.
    Zoom interview
  • 4.
    Welcome to HSBC!

HSBC Service Delivery (Polska) Sp. z o.o.

HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 63 countries and territories.
HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.
Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.

This is how we work

I apply to:
HSBC Service Delivery (Polska) Sp. z o.o.
HSBC Service Delivery (Polska) Sp. z o.o.
Kraków, Lesser Poland (Poland)

Need more information?

You can ask the recruiter a casual question. You will receive a reply within three business days.

Check first if the answer to your question is not already in the body of the offer.
An employer may not respond to your question, particularly if there are less than 3 business days remaining before the offer ends.