(Cybersecurity) Cloud Lead Analyst
HSBC Service Delivery (Polska) Sp. z o.o.
- Kapelanka 42a, Dębniki, Kraków, Lesser Poland
- offer expired 17 days ago
- contract of employment
- specialist (Mid / Regular)
- remote recruitment
- we welcome workers from Ukraine
About the project
The Cybersecurity Monitoring and Threat Detection Team are charged with efficiently and effectively monitoring the HSBC global technology and information estate 24x7. The team’s mission is to detect the presence of any adversary within the estate, quickly analyse the severity and scope of the issue and work with the Cybersecurity Incident Management and Response Team to contain, mitigate and remediate the incursion. In addition, the team is responsible for constantly improving its detection capability through attack analysis and ensuring that the appropriate security event information is being fed into the team and that the alerting rules are tuned for maximum effectiveness. This mission is critical to the protection of HSBC customers, the HSBC brand, shareholder value, as well as HSBC information and financial assets.
Developing, managing and maintaining intelligence and risk led threat detection capabilities across the entire global HSBC Cloud hosted technology and information estate to quickly detect and respond to harmful behaviours and events in coordination with the Cybersecurity Incident Management and Response Team, effectively containing, mitigating and remediating more serious incidents.
Identifying, developing and implementing new detections (Use Cases) and mitigations (Playbooks) across the Cloud focussed security platforms and prioritising the use of automation and orchestration opportunities.
Managing and owning the relationship with the HSBC Cloud platform teams to support a collaborative and effective security focussed partnership.
Reviewing and approving new Use Cases and Playbooks created by Cybersecurity colleagues.
Continuously reviewing the effectiveness of analysis playbooks, processes, and tooling.
Communicating new use cases (go-live, demise, tuning), to the cybersecurity operations teams, supporting the Cybersecurity Cloud Security Manager in ensuring all teams are prepared to take on the additional workload and have sufficient tools, training and the capability to do so effectively.
Proactively researching emerging threats and vulnerabilities to aid in the identification of cyber incidents.
Supporting the Crew Lead and Watch Commander during shift handovers, ensuring all team members are ready to manage ongoing incidents.
Performing and supporting the technical and forensic investigations into Cloud related cyber security events across the globe.
Provide expert-level advice and technical leadership to the team, driving the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes.
Train, develop, mentor and inspire cybersecurity colleagues in area(s) of specialism.
Collaborate with the wider Cybersecurity and IT teams to ensure that technologies remain fit for purpose.
Promote a “self-critical” and continuous assessment and improvement culture whereby identification of weaknesses in the bank’s control plane (people, process and technology) is brought to light and addressed in an effective and timely manner.
Supporting and carrying out post-incident reviews, assessing the effectiveness of controls, detection and response capability and supporting the required improvements with the responsible owners.
Supporting a “self-critical” culture whereby identification of weaknesses in the bank’s control plane (people, process and technology) is brought to light in an effective manner and addressed.
Excellent investigative skills, insatiable curiosity and an innate drive to win.
Instinctive and creative, with an ability to think like the adversary.
Strong problem-solving and trouble-shooting skills.
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
Developed external peer network for sharing intelligence
An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
An understanding of organisational mission, values and goals and consistent application of this knowledge.
Self-motivated and possessing of a high sense of urgency and personal integrity.
Highest ethical standards and values.
Experience defining and refining operational procedures, workflows and processes to support the team in consistent, quality execution of monitoring and detection.
Good understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and laws.
Good understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including: OWASP, MITRE ATT&CK, ISO 2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
Good communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
Ability to speak, read and write in English, in addition to your local language.
Technical expertise in analysing threat event data, evaluating malicious activity, documenting unusual files and data and identifying tactics, techniques and procedures used by attackers.
Expert level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques and procedures in order to inform adjustments to the control plane.
Expert level of knowledge and demonstrated experience of common log management suites, Security Information and Event Management (SIEM) tools for the collection and real-time analysis of security information.
Expert level knowledge of one or more leading Cloud platforms including Microsoft Azure, Amazon Web Services, Google Cloud Platform and Alibaba Cloud.
Expert level knowledge of security event logging, monitoring, detection and response on one or more of the leading Cloud platforms using tools and native capabilities such as AWS GuardDuty, Azure Sentinel, Google Security Command Center and Alibaba Cloud Security Center.
Detailed knowledge and demonstrated experience of common cybersecurity technologies such as: IDS / IPS / HIPS, EDR, advanced anti-malware prevention and analysis, firewalls, proxies, WAF, etc.
Excellent knowledge and demonstrated experience of common operating systems and platforms to include Windows, Linux, UNIX, Citrix, GSX Server, iOS, OSX, etc.
Excellent knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IP, HTTP, etc. and network protocol analysis suites.
Excellent knowledge and demonstrated experience in common cybersecurity incident response and forensic investigation tools such as: EnCase, BlackLight, Kali Linux, IDA Pro, etc.
Good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.
Functional knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems.
Experience within an enterprise scale organisation; including hands-on experience of complex data centre environments, preferably in the finance or similarly regulated sector.
Industry recognised cyber security related certifications including: CEH, EnCE, SANS GSEC, GCIH, GCIA and/or CISSP.
Cloud platform specific certifications relating to the major cloud providers.
Formal education and advanced degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same.
What we offer
Stable job in a professional team
Interesting career path in an international organization
Consistent scope of responsibilities
Private health care, employees’ benefits
private medical care
sharing the costs of foreign language classes
sharing the costs of professional training & courses
remote work opportunities
flexible working time
corporate sports team
doctor’s duty hours in the office
retirement pension plan
no dress code
video games at work
coffee / tea
parking space for employees
extra social benefits
employee referral program
opportunity to obtain permits and licenses
Welcome to HSBC!
HSBC Service Delivery (Polska) Sp. z o.o.
HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 64 countries and territories.
HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.
Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.