Senior Penetration Testing Coordinator

If you’re looking for a career where you can make a real impression, join our Global Service Center (GSC)- HSBC and discover how valued you’ll be.

We are currently seeking an experienced professional to join our team in the role of

Senior Penetration Testing Coordinator

Role purpose

The Senior Penetration Testing Coordinator is responsible for operating as part of a global/regional team within Cybersecurity to define and implement an industry-leading Cybersecurity Service that supersedes our constantly changing information security threats. This role is responsible for supporting Senior Managers in building a team and/or managing regional relationships. An Offensive Security Penetration Testing Coordinator manages and facilitates penetration testing engagements by coordinating with technical teams and stakeholders, ensuring compliance, and maintaining project documentation. Key responsibilities include gathering requirements, working closely with application owners, liaising with vendors, facilitating test environment setup, communicating findings to technical staff and leadership, tracking progress, and supporting the remediation process by retesting vulnerabilities. This role bridges the gap between the offensive security team's technical execution and the broader business objectives, ensuring effective and efficient penetration testing operations. This role is pivotal in ensuring that testing activities are well-managed, results are clearly communicated, and remediation efforts are tracked across the organization.

Main activities:

An Offensive Security Penetration Testing Coordinator manages and facilitates penetration testing engagements by coordinating with technical teams and stakeholders, ensuring compliance, and maintaining project documentation. Key responsibilities include gathering requirements, working closely with application owners, liaising with vendors, facilitating test environment setup, communicating findings to technical staff and leadership, tracking progress, and supporting the remediation process by retesting vulnerabilities.

Requirements:

Project Management: Overseeing the entire penetration testing lifecycle, from initial planning and scoping to execution and remediation. Strong organizational and project management skills to manage multiple engagements simultaneously. 

Stakeholder Management: Serving as the primary point of contact for internal teams, external vendors, and clients to ensure project goals are met.  

Vendor Coordination: Managing relationships with third-party penetration testing vendors, help in processing Statements of Work (SOWs), and ensuring deliverables meet expectations.  

Communication: Excellent written and verbal communication skills to effectively interact with diverse audiences, from technical experts to executive leadership. Effectively convey technical information to non-technical stakeholders. Presenting test results, risks, and recommendations to both technical staff and executive management in clear and concise reports and presentations.  

Problem-Solving: A resourceful and creative approach to resolving challenges that arise during the testing process. 

Technical Liaison: Collaborating with technical teams to ensure the availability of test environments and to support the remediation efforts of identified vulnerabilities.  

Compliance & Reporting: Ensuring all testing and findings adhere to internal audit requirements and external regulations and tracking key project metrics and documentation.  

Process Improvement: Contributing to the development and implementation of standardized processes, tools, and best practices to improve the efficiency and consistency of penetration testing services. Continuous learning ensures that penetration testers adapt to change. 

Tools knowledge: Proficiency in project management tools (e.g. Jira, Confluence, MS Project, or similar), SNOW, Power BI, Microsoft Excel 

Nice to have Skills & Knowledge: 

Cybersecurity Fundamentals: A solid understanding of penetration testing principles, methodologies, and common vulnerabilities. Experience working in regulated environments or with compliance frameworks (e.g. ISO 27001, NIST, etc.), any additional certifications would be an asset. 

Technical Aptitude: Familiarity with various technologies, including networks, web applications, and cloud infrastructures.  

Risk Management: The ability to understand and convey the business impact of identified security vulnerabilities.  

You’ll achieve more when you join HSBC!

At HSBC we offer our colleagues a greater number of days so that they can fully enjoy their wedding, take care of the new member of the family, or grieve the loss of a family member. Our paid leave package is at the forefront in Mexico, now you have one more reason to be HSBC and proudly live a culture of well-being, balance and care

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

***Issued by HSBC Electronic Data Processing (México) Private LTD***