sharing the costs of sports activities
(Cybersecurity Operations) Senior Governance Lead – SIEM Technology
HSBC Service Delivery (Polska) Sp. z o.o.About the company
- Kapelanka 42a, KrakówKraków, Lesser Poland
- Offer expired 11 days ago
- Remote recruitment
- contract of employment
- manager / supervisor
Technologies we use
About the project
The Senior Governance lead will be a member of the Global Cybersecurity Operations team. This team is responsible for identifying, developing and deploying global cybersecurity controls across the estate leveraging the firm’s assets, network and data to identify threats. This role will partner heavily with Cyber Risk and Control governance teams, IT Infrastructure Delivery (ITID) and our 2nd line of defence to support the end to end governance and effectiveness of our Logging, Monitoring, and Alerting [LOGM] control.
Logging, Monitoring, and Alerting is an ongoing activity designed to detect and support treatment of risk events.
The objective of the control is to:
- identify and preserve log data that supports the provision of a resilient operating environment;
- monitor events and identify anomalies that require intervention;
- support retrospective analysis of events/system behaviour;
- escalate events and anomalies to enable timely remediation or further diagnostic work.
The logging and operations functions within Cyber Technology Operations has the responsibility of ensuring ingestion of various log types and data sources into our SIEM tool, 24/7 production support of the environment, capacity planning, patches and upgrades and use case development and ongoing upkeep per intel provided from various peer teams within the Cyber Security organization.
This role will participate in efforts to test the effectiveness of defined controls and ensure that critical processes in the firm are evaluated from a security perspective. The role requires a strong self-starter with a track record who can understand program objectives, create or modify controls using a logical and standardized approach, and independently and proactively engage internal partners to align on an agreed upon solution. The ideal candidate will have experience in various SIEM technologies and enterprise search tools (e.g. Splunk ES, QRadar LogRhythm, ELK, Sumologic, etc.).
Representing the Global Cybersecurity Operations team in various control forums
Working closely with various Global Businesses and Global functions on control effectiveness
Engineering support of existing and future SIEM platforms
Directly contributing to the continued technical enhancement of the security platforms
Supporting a “self-critical” culture whereby identification of weaknesses in the bank’s control plane (people, process and technology) are brought to light in an effective manner and addressed
Supporting a culture of individual self-improvement, whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cybersecurity more broadly, for example remaining up to date on the latest Cyber techniques and tooling for strategically important platforms and technologies in use (and proposed for use) at HSBC
Supporting engagement of Global Businesses and Functions everywhere HSBC does business that drives a global up-lift in cybersecurity awareness helping to “tell the story” of HSBC Cybersecurity efforts
Collaborate with various layers of management across Cybersecurity and other IT teams to develop solutions that protect the organization
Must be able to represent the SIEM team to senior managers, business representatives and risk functions and discuss the issues, challenges and progress of the work at an appropriate level for the target population
Design and drive the implementation of service offerings, capability uplifts, and process improvements to protect the bank for a continuously changing threat landscape
The Governance Lead must review mechanisms used to feed system logs into the Command Center collection host(s) and ensure logs are transmitted using verified, secure industry methods and standards outlined within the Event Logging and Monitoring Operating Instructions
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
An ability to perform independent analysis of complex problems and distill relevant findings and root causes
Proven ability and experience of working in a high-pressure, fast paced environment where bold, time critical decision making is essential
Proven experience in Logging frameworks, Enterprise level support across a global function
Ability to orchestrate, manage and successfully implement major procedural and technological change within a complex, global organization
Configure and maintain heterogeneous Splunk environments and in-depth knowledge of log analysis generated by various systems including security products such as LDAP Directories, Application Servers, Web servers and HTTP methodologies
Architecture various components within Splunk (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, Parsing, Indexing, searching concepts, Hot, Warm, Cold, Frozen bucketing, License model
Helping application teams in on-boarding Splunk and creating dashboards, alerts, and reports
Develop custom app configurations (deployment-apps) within SPLUNK in order to parse, index multiple types of log format across all application environments
Deployment of Splunk family of software to support log retention, aggregation and analysis requirements, including: Splunk scalability, capacity planning, distributed setup, Search Head Clustering, Index Clustering and performance specifications
Perform installation, configuration management, capacity planning, license management, data integration, data transformation, field extraction, event parsing, data preview and application management of Splunk
Develop, implement and document configuration standards, policies, and procedures for operating, managing and ensuring the security of the Splunk infrastructure
Participate in incident, problem, and change management process related to Splunk
Work closely with Linux and Windows server administration teams to diagnose and resolve configuration issues
Be well versed in Splunk technology, implementation of best practices and have a working knowledge in the variety of architectural variations of the Splunk product
Experience with Splunk deployment in the cloud AWS, GCP or Azure
Hands on experience with Enterprise Applications
Hands on experience with Security Tools such as IDS/IPS, AV, Endpoint management
Hands on experience with Virtualization Technology such as VMWare
Scripting/Programming experience with Python, Perl, Powershell or Bash
Security Information Event Management (SIEM)
8+ years of experience with deep technical expertise and strong leadership supporting enterprise level SIEM technology and logging frameworks
Formal education and advanced degree in Information Security, Cyber-security, Computer Science or similar and/or commensurate demonstrated work experience in the same
What we offer
Contact with top IT technologies available in the market;
Employees’ benefits: Multisport Card, private medical and dental health care, life insurance;
Free parking space for our employees – few minutes from the office;
Internal training events and workshops;
Realistic career progression opportunities in an international organization;
Casual dress code;
Remote work possible after Covid-19 (up to individual discussion with hiring manager).
private medical care
sharing the costs of foreign language classes
sharing the costs of professional training & courses
remote work opportunities
flexible working time
corporate sports team
doctor’s duty hours in the office
retirement pension plan
no dress code
video games at work
coffee / tea
parking space for employees
extra social benefits
employee referral program
opportunity to obtain permits and licenses
Welcome to HSBC!
HSBC Service Delivery (Polska) Sp. z o.o.
HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 64 countries and territories.
HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.
Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.