If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
Your career opportunity
Global Cybersecurity Operations (GCO) provides a coordinated suite of “Network Defense" services responsible for detecting and responding to information and cybersecurity threats to company assets across the globe and is under the management of the Head of Global Cybersecurity Operations. This includes dedicated functions for the monitoring and detection of threats within the global estate as well as Cybersecurity Incident Management and Response activities.
responsibilities :
Responding to alerts from across the entire global HSBC technology and information estate to quickly detect harmful behaviors and events, containing, mitigating and remediating minor incidents and in coordination with the Cybersecurity Incident Management and Response Team, effectively containing, mitigating and remediating more serious events.
Supporting cyber security incidents through to eradication and feed in to the Post Incident Review process that delivers detailed analysis on the root cause of incidents investigated and produces findings and recommendations that support control adjustments to better protect the bank.
Identifying, developing and implementing new detections (Use cases) and mitigations (Playbooks) across the security platforms.
Reviewing and approving new Use Cases and Playbooks created by Cybersecurity colleagues.
Continuously reviewing the effectiveness of analysis playbooks, processes, and tooling.
Applying structured analytical methodologies to maximise threat intelligence growth and service efficacy.
Supporting the triage of potentially malicious events to determine severity and criticality of the event.
Provide expert-level advice and technical leadership to the team, driving the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes.
Train, develop, mentor and inspire cybersecurity colleagues in area(s) of specialism.
Collaborate with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose.
Identify processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources.
requirements-expected :
Excellent investigative skills, insatiable curiosity and an innate drive to win. Instinctive and creative, with an ability to think like the enemy.
Strong problem-solving, trouble-shooting and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
Developed external peer network for sharing intelligence.
An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business. Self-motivated.
An understanding of organisational mission, values and goals and consistent application of this knowledge as well as highest ethical standards and values.
Experience defining and refining operational procedures, workflows and processes to support the team in consistent, quality execution of monitoring and detection.
Good understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including; OWASP, ISO2700x series, CIST and NIST standards and network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP.
Technical expertise in analysing threat event data, evaluating malicious activity, documenting unusual files and data and identifying tactics used by attackers.
Demonstrated experience in analysis and dissection of advanced attacker tactics and of common log management suites, Security Information and Event Management (SIEM) tools,
use of “Big Data" and Cloud-based solution for the collection and real-time analysis of security information.
Knowledge of common cybersecurity technologies such as; IDS / IPS / HIPS, Advanced Anti-malware prevention and analysis, Firewalls, Proxies, MSS, etc. and experience with operating systems and platforms e.g. Windows, Linux, UNIX, Oracle, Citrix, GSX Server, iOS, OSX, etc.
Functional knowledge and technical experience of 3rd party cloud computing platforms such as AWS, Azure and Google.
Basic knowledge of common cybersecurity incident response and forensic investigation tools such as: EnCase, FTK, Sleuthkit, Kali Linux, IDA Pro, etc.
offered :
Competitive salary
Annual performance-based bonus
Additional bonuses for recognition awards
Multisport card
Private medical care
Life insurance
One-time reimbursement of home office set-up (up to 800 PLN)
Corporate parties & events
CSR initiatives
Nursery discounts
Financial support with trainings and education
Social fund
Flexible working hours
Free parking (Cracow office)
benefits :
sharing the costs of sports activities
private medical care
sharing the costs of professional training & courses
