About-project : Operating within the Cybersecurity Global Defence function and under the management of the Global Head of Cybersecurity Operations, the Global Cybersecurity Operations (GCO) team provides a coordinated suite of “Network Defence” related services and are responsible for the detection and response to information and cybersecurity threats across the global HSBC assets and estate. Critical to the success of GCO are its close partnerships with other Cybersecurity Global Defence teams including Cybersecurity Engineering, Service Reliability Engineering, Cyber Intelligence & Threat Analysis teams and the wider HSBC businesses and functions. The overall GCO mission is placed under the purview of the Cybersecurity Chief Technology Officer / Head of Cybersecurity Global Defence. Lead Cloud Security Analysts report into the Cloud Security Manager / Crew Lead and are responsible for leading the identification, analysis, and response to cyber security incidents within HSBC, using the latest technologies to detect, analyse and respond. responsibilities : Develop, manage, and maintain intelligence and risk led threat detection capabilities across the entire global HSBC Cloud hosted technology and information estate to quickly detect and respond to harmful behaviours and events in coordination with the Cybersecurity Incident Management and Response Team, effectively containing, mitigating, and remediating more serious incidents. Identify, develop, and implement new detections (Use cases) and mitigations (Playbooks) across the Cloud focussed security platforms and prioritising the use automation and orchestration opportunities. Review and approve new Use Cases and Playbooks created by Cybersecurity colleagues. Proactively research emerging threats and vulnerabilities to aid in the identification of cyber incidents. Perform and support the technical and forensic investigations into Cloud related cyber security events across the globe. Provide expert-level advice and technical leadership to the team, driving the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes. Train, develop, mentor, and inspire cybersecurity colleagues in area(s) of specialism. requirements-expected : 5+ years of experience in cyber security senior analyst role or similar within an enterprise scale organisation; including hands-on experience of complex data centre environments, preferably in the finance or similarly regulated sector. Formal education and advanced degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same. Cloud platform specific certifications relating to the major cloud providers. Industry recognised cyber security related certifications (including CEH, En CE, SANS GSEC, GCIH, GCIA and/or CISSP) are nice to have. Excellent investigative skills, insatiable curiosity, and an innate drive to win. Instinctive and creative, with an ability to think like the adversary. Experience defining and refining operational procedures, workflows, and processes to support the team in consistent, quality execution of monitoring and detection. Good understanding and knowledge of common industry cyber security frameworks, standards, and methodologies, including OWASP, MITRE ATT&CK, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards. Intermediate level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques, and procedures to inform adjustments to the control plane. Intermediate level of knowledge and demonstrated experience of common log management suites, Security Information and Event Management (SIEM) tools for the collection and real-time analysis of security information. Intermediate level knowledge of one of more leading Cloud platforms including Microsoft Azure, Amazon Web Services, Google Cloud Platform and Alibaba Cloud. Intermediate level knowledge of security event logging, monitoring, detection, and response on one or more of the leading Cloud platforms using tools and native capabilities such as AWS Guard Duty, Azure Sentinel, Google Security Command Center and Alibaba Cloud Security Center. Detailed knowledge and demonstrated experience of common cybersecurity technologies such as IDS / IPS / HIPS, EDR, Advanced Anti-malware prevention and analysis, Firewalls, Proxies, WAF, etc. Excellent knowledge and demonstrated experience of common operating systems and platforms to include Windows, Linux, UNIX, Citrix, GSX Server, i OS, OSX, etc. Excellent knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IP, HTTP, etc. and network protocol analysis suites. Good knowledge and demonstrated experience in common cybersecurity incident response and forensic investigation tools such as: En Case, Black Light, Kali Linux, IDA Pro, etc. Good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation, and remediation. Functional knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems. offered : Competitive salary Annual performance-based bonus Additional bonuses for recognition awards Multisport card Private medical care Life insurance One-time reimbursement of home office set-up (up to 800 PLN) Corporate parties & events CSR initiatives Nursery discounts Financial support with trainings and education Social fund Flexible working hours Free parking (Cracow office) benefits : sharing the costs of sports activities private medical care sharing the costs of professional training & courses life insurance remote work opportunities flexible working time integration events corporate sports team doctor’s duty hours in the office retirement pension plan corporate library no dress code coffee / tea parking space for employees leisure zone extra social benefits employee referral program opportunity to obtain permits and licenses charity initiatives family picnics extra leave In-office gym