IOS and Android Malware Specialist/Associate Director, Software Engineering

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

We are currently seeking an experienced professional to join our team in the role of an Associate Director, Software Engineering

In this role, you will

• Perform analysis of mobile malware (both static and dynamic) to identify TTP and IoC.Guide on protection against mobile malware attack. Guide on protection against cyber and fraud attack against mobile applications
• Regularly gather threat intelligence and monitor threat landscape in mobile area.Work closely with vendors, platform teams and subject matter experts (SME’s) where necessary in order to drive out control decisions, statements and exceptions.
• Take the lead on solving security challenges and issues where the problem scenario is not covered by a pattern, standard or existing strategy. Surface strategic and architectural decisions through the approved governance or oversight channels as defined by the bank’s operating model.
• Where embedded within a project, act as a primary resource ensuring commitment to attend all appropriate calls and meetings in order to provide the level of support required.
• Act as the first point of contact for IT Security questions and queries. Identify security risks as they arise, communicate it as appropriate and ensure relevant stakeholders are involved for the adequate mitigation or remediation.
• Provide guidance to the teams and stakeholders of IT Security by referring to policies and standards.
• Educate teams in terms of security best practices.Identify, engage and establish relationships with key stakeholders.
• Assess Dev team IT Security profile, controls, and level of engagement

To be successful in this role, you should meet the following requirements:

• Mobile Malware (both Android and iOS) analysis experience. Experience in mapping attack vectors with mitigation control in mobile (iOS and Android) through coding, config,  RASP or any other means. Thorough knowledge of iOS and android security architecture model for different versions of releases

• Experience is explaining the working mechanism of malwares and its related risks to technical and non-technical audiences in clear and simplified way. Proficient in analysing malware (android/iOS) lifecycle and its Modus Operandi. Ability to extract IOC (Indicator of Compromise) of a malware

• Ability to perform static and dynamic analysis of mobile binaries to identify possible malicious activities.Ability to perform reverse engineering of malware including cases when the malware employs anti-debugging, anti- disassembly and other similar anti-detection or evasion mechanism
• Ability to set up own sandbox environment with all relevant tools to perform malware analysis. Ability to recreate attack scenarios (even in absence of malware binaries) to test the effectiveness of implemented controls
• Ability to create clear and concise malware report including evidence. Experience in identifying both file based and fileless malware and their MO analysis
• Experience with creating and testing of AI based attack like Deepfake and their mitigating controls.Experience in mobile malware threat intelligence gathering .Strong understanding of malware industry trends. Strong understanding of the security threat landscape, awareness of major historical and recent vulnerabilities, awareness of security industry responses to significant threats.
• Strong understanding on how to protect mobile app against zero day attacks. Good command on any programming language to write novel hooking scripts.Ability to interpret mobile app code written in Swift, Kotlin, Objective C, Java etc. Industry recognised Information Security and Cyber Security qualifications is an added advantage e.g. OSCP, GIAC GPEN, GIAC GMOB 
• Educated to degree level desirable but not essential 

Non-technical skills:

• Excellent communication skills are mandatory. The role demands a great deal of interaction with various global teams and clarity in thought and word is needed on a daily basis.
• Strong ability to prioritize tasks and ability to deliver a portfolio of testing assignments.
• Strong decision making skills and the ability to act independently without much direction
• Strong inter-personal and mentoring skills. A demonstrated ability of mentoring junior members in the team would be an asset.
• Strong ability to translate between business talk and technical details is a must. The role requires interaction with non-technical business staff.
• Experience with collaboration and knowledge management tools such as SharePoint, Teams, Confluence and JIRA 
• Hands on experience in working with DevOps and Agile teams following a secure software development lifecycle.

 You’ll achieve more when you join HSBC.

www.hsbc.com/careers

 HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

 Issued by – HSBC Software Development India