HSBC Service Delivery (Polska) Sp. z o.o. is a part of HSBC Holdings plc, the parent company of the HSBC Group, headquartered in London. The Group serves customers worldwide from over 6,300 offices in over 75 countries and territories in Europe, Asia, North and Latin America, and the Middle East and North Africa. HSBC is one of the world’s largest banking and financial services organisations. Currently, we are looking for a candidate for the position of:
Cyber Intelligence Lead Analyst
Ref No: HTK/Cybersecurity/CILA/06/2018
Global Cybersecurity Operations (GCO) provides a coordinated suite of “Network Defence” services responsible for detecting and responding to information and cybersecurity threats to HSBC assets across the globe and is under the management of the Head of Global Cybersecurity Operations. This includes dedicated functions for the Monitoring and Detection of threats within the global estate as well as Cybersecurity Incident Management and Response activities. These two principal functions are supported by additional internal GCO capabilities in Cyber Intelligence and Threat Analysis, Security Sciences, and Client Engagement and Support Services. Critical to the success of GCO is its close partnership with sister Cybersecurity teams, IT Infrastructure Delivery and Global Business and Function clients. The overall GCO mission is placed under the purview of the Group Chief Information Security Officer (CISO).
The Cybersecurity Intelligence and Threat Analysis Team is charged with maintaining a clear and constant view of the cyber threat landscape across industry verticals and government to ensure key stakeholders across the Group are informed of any shifts in the landscape. In addition, the team is responsible for the proactive and detailed analysis of threats identified through landscape reporting as well as internally developed capabilities and instrumentation in order to proactively enhance “Network Defence” capabilities. This mission is critical to the protection of HSBC customers, the HSBC brand, shareholder value as well as HSBC information and financial assets.
- Monitoring the global cyber threat landscape through open source channels, vendor feeds, participation in industry/government information sharing organizations/platforms and cultivated personal relationships.
- Supporting the development and implementation of mitigation strategies to prevent the potential materialization of the threat.
- Identification of processes that can be automated and orchestrated to ensure maximum efficiency of collection and dissemination of consolidated threat intelligence feeds to internal stakeholders and external partners.
- Supporting the maintenance of a global capability for collection that takes into account market and business requirements and fully leverages the HSBC global footprint around location, culture, language and proximity to high value partners.
- Supporting the establishment of HSBC as a valued contributor to information sharing efforts across the industry that helps to drive a positive image of the bank with our peers and regulators in the markets we serve.
- Supporting the establishment of HSBC as a leader in information security through collaborative analysis and contributions across multiple sectors in industry, academia and government.
- Supporting the development of internal HSBC capabilities, leveraging the global HSBC footprint that enables the team to fully understand the latest tactics, techniques and procedures of advanced adversaries through direct observation and manipulation.
- Participation in and support of external offensive engagements with industry partners, law enforcement and the wider security community, that projects HSBC expertise in protecting the bank and its customers against systemic threats.
- Developing processes and engaging in active cyber defense to move HSBC beyond a reactive posture to a proactive posture against cyber threats.
- Supporting a “self-critical” culture whereby weaknesses in the bank’s control plane (people, process and technology) are identified, brought to light in an effective manner and addressed.
- Supporting a culture of individual self-improvement, whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cybersecurity more broadly.
- Supporting engagement of Global Businesses and Functions everywhere HSBC does business, that drives a global up-lift in cybersecurity awareness, helping to “tell the story” of HSBC Cybersecurity efforts.
- Supporting the provision of advice to HSBC leadership on the latest trends in cyber intelligence and best practices through close collaboration and engagement with industry, academia and government.
- Supporting the production of Management Information related to the Cyber Intelligence and Threat Analysis mission that is appropriate to the target audience, supported by data and experienced analysis enabling informed decisions.
- Supporting engagement within the Lines of Defense Risk Management framework adopted by HSBC, to ensure complete transparency and effective working relationships across all lines of defense.
- Train, develop and mentor less experienced analysts.
- 5+ years of experience in a cyber-intelligence role or similar.
- Extensive experience within an enterprise scale organisation, preferably in the finance or similarly regulated sector.
- Industry-recognized cyber security related certifications including CEH, EnCE, CRISC, SANS GSEC, GCIH, GCIA, GIAC, GCFA, GNFA and/or CISSP.
- Formal education and advanced degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same.
- Excellent knowledge and demonstrated experience of common intelligence sharing platforms/protocols and experience operating within a collective defense environment with internal stakeholders and external partners.
- Excellent knowledge of intelligence analysis principles either through formal education/training or equivalent professional experience.
- Excellent knowledge and demonstrated experience in analysing and dissecting advanced attacker tactics, techniques and procedures to inform adjustments to the cybersecurity control plane.
- Ability to develop and track key performance indicators (KPIs) and metrics for evaluation of operational effectiveness as well as providing recommendations for control improvement and mitigating control adjustments.
- Excellent knowledge of the thought processes, methodologies and techniques used by advanced criminal and nation state adversaries spanning multiple aspects of the security domain.
- Highly developed research and analytical skillset, so you can work with large volumes of data and pinpoint statistically significant patterns related to cyber threats.
- Excellent investigative skills, insatiable curiosity and an innate drive to win.
- Instinctive and creative, with an ability to think like the enemy.
- Deep knowledge of hacker culture.
- Developed external peer network for sharing intelligence.
- Self-motivated and possessing a high sense of urgency and personal integrity.
- Highest ethical standards and values.
- Good understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and laws.
- Good understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
- Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and/or deception environment development (tripwire systems, honeypots, honey-token/accounts, etc.) using open source, vendor purchased and bespoke/in-house developed solutions.
- Excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
- Proven ability to collaborate across industry, academia and government to solve complex cyber security problems.
- Ability to speak, read and write in English, in addition to your local language.
- Stable job in a professional team,
- Interesting career path in an international organization,
- Consistent scope of responsibilities,
- Private health care, employees’ benefits.