Principal SME Web Application Security Protection @ HSBC Technology Poland

Kraków

Nazwa pozycji Principal SME Web Application Security Protection @ HSBC Technology Poland

Lokalizacja Kraków, Kraków, Lesser Poland Voivodeship, Polska

Firma HSBC Technology Poland

Dodano 21. 10. 2025

Informacje o stanowisku

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Your career opportunity

The Cloud DevOps engineers will work within an agile team of Engineers and Operations personnel building highly resilient, scalable and performant AWS infrastructure in an automated and efficient manner. The engineers will work alongside the Application DevOps teams and cross-functional IT teams. The engineers will be required to use their initiative to innovate to achieve maximum performance and be prepared to investigate and use new products/services offered by AWS.

What you need to have to succeed in this role

Candidate MUST have experience in working in at least one Cloud Provider and have experience working with CSP native WAF solutions or equivalent - Akamai in use of WAF Rules and DDoS protection.
Candidate will have experience working at scale in the use at least one CSP native WAF solutions or equivalent - Akamai WAF and DDoS protection solutions.
Candidate SHALL be able to demonstrate use of WAF and the applying of common rule sets within their organisation. Candidate SHALL will have experience working in central functioning role and be able to demonstrate effectiveness in working cross an organisation in applying common security baseline configuration for protection of services.
Candidate SHALL have experience in producing guidance, procedural and process documentation for consumption by multiple teams on WAF or equivalent Security Configuration for protection of services.
Candidate should be familiar key Industry and OpenSource standards for WAF. Candidate MUST have basic level Web Security understanding and be able to guide Web Application / UI Developers on security aspects relating to non-compliance to Security baseline configuration.
Candidate SHALL be able demonstrate experience in responding and handling adequately of Cyber-attacks (Layer 7 / DDoS attacks). Candidate SHALL have direct experience in Monitoring and Alerting of attacks in at least one CSP - AWS, Azure, GCP or equivalent
Candidate SHAL have strong understanding of Web Applications / HTML / JS sufficient enough to demonstrate they are capable in reviewing of signatures and identification of false positives. Candidate MUST be able to demonstrate an affective ability working with multiple functions of the business in the defining of processes, procedures and in the responding to security incidents.
Candidate will have expected to upskill where required of the role on CSP Native technologies, where maybe required during an incident to respond rapidly in analysing of attack signatures in near-Realtime and performing appropriate mitigation actions. Candidate shall have one or more CSP basic certifications - AWS, GCP or Azure. Candidate SHOULD have experience working with Logging solutions such as Splunk in the filtering and alerting of issues.

Some careers shine brighter than others.

Your career opportunity

,[Support to coordinating migration of teams to WAF Central Rules in block mode for example. Development and realisation of new processes for new Operating Models. , Overseeing development and integration of central capabilities (Central SOC/SIEM) alerting and incident response etc. , Working with CSP Architecture and Core engineering DevOps Leads on enabling of WAF Rules on Internal facing services. Working with central ESP team to capture and define central security baseline rules / signatures. Working with application teams / support to migration of their services to new Central CSP Managed., Uses their networking and network security experience and knowledge to review Business and IT projects and provide advice and guidance, ensuring network security control requirements are satisfied., Identifies and drives opportunities to improve network security posture based on an understanding of current control and technology environment., Expert understanding of network security threats and risks, able to identify areas of network security risk and propose solutions., Excellent communication and interpersonal skills, with experience interacting with technical leaders and various layers of management considered a plus., Able to analyse network and cybersecurity data (e.g. system logs) to support decision making and evidence control effectiveness. Ability to build connections and work collaboratively across boundaries. Willingness to continuously learn and share learnings with others. Ability to coach and guide more junior team members as needed. Requirements: Cloud, CSP, WAF, Security, Web security, UI, AWS, Azure, GCP, Web applications, JavaScript, Splunk Additionally: Training budget, Private healthcare, Flat structure, International projects, Multisport card, Monthly remote work subsidy, Psychological support, Conferences, PPK option, Annual performance based bonus, Integration budget, International environment, Small teams, Employee referral bonus, Mentoring, Workstation reimbursement, Company share purchase plan, Childcare support programme, Bike parking, Playroom, Shower, Canteen, Free coffee, Free beverages, Free parking, In-house trainings, In-house hack days, No dress code, Modern office, Knowledge sharing, Garden, Massage chairs, Kitchen.

Praca Kraków

Technolog Kraków

Technolog żywności Kraków

Chief security officer Kraków