Job offer

The employer has stopped accepting applications for this offer

Current offers from this employer

(Cybersecurity Operations) Senior Governance Lead – SIEM Technology

HSBC Service Delivery (Polska) Sp. z o.o.

  • Kapelanka 42a, Kraków
    Kraków, Lesser Poland
  • Offer expired 11 days ago
  • Remote recruitment
  • contract of employment
  • full-time
  • manager / supervisor

Technologies we use


  • AWS

  • GCP

  • Azure


  • AV

  • Endpoint management

  • VMWare

  • Python

  • Perl

  • PowerShell

  • Bash

  • SIEM

About the project

The Senior Governance lead will be a member of the Global Cybersecurity Operations team. This team is responsible for identifying, developing and deploying global cybersecurity controls across the estate leveraging the firm’s assets, network and data to identify threats. This role will partner heavily with Cyber Risk and Control governance teams, IT Infrastructure Delivery (ITID) and our 2nd line of defence to support the end to end governance and effectiveness of our Logging, Monitoring, and Alerting [LOGM] control.

Logging, Monitoring, and Alerting is an ongoing activity designed to detect and support treatment of risk events.

The objective of the control is to:

- identify and preserve log data that supports the provision of a resilient operating environment;

- monitor events and identify anomalies that require intervention;

- support retrospective analysis of events/system behaviour;

- escalate events and anomalies to enable timely remediation or further diagnostic work.

The logging and operations functions within Cyber Technology Operations are responsible for ingesting various log types and data sources into our SIEM tool, 24/7 production support of the environment, capacity planning, patches and upgrades, and use case development and ongoing upkeep based on intel provided by various peer teams within the Cyber Security organization.

This role will participate in efforts to test the effectiveness of defined controls and ensure that critical processes in the firm are evaluated from a security perspective. The role requires a strong self-starter with a track record who can understand program objectives, create or modify controls using a logical and standardized approach, and independently and proactively engage internal partners to align on an agreed-upon solution. The ideal candidate will have experience in various SIEM technologies and enterprise search tools (e.g. Splunk ES, QRadar, LogRhythm, ELK, Sumologic, etc.).

Your responsibilities

  • Representing the Global Cybersecurity Operations team in various control forums

  • Working closely with various Global Businesses and Global functions on control effectiveness

  • Engineering support of existing and future SIEM platforms

  • Directly contributing to the continued technical enhancement of the security platforms

  • Supporting a “self-critical” culture whereby identification of weaknesses in the bank’s control plane (people, process and technology) are brought to light in an effective manner and addressed

  • Supporting a culture of individual self-improvement, whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cybersecurity more broadly, for example remaining up to date on the latest Cyber techniques and tooling for strategically important platforms and technologies in use (and proposed for use) at HSBC

  • Supporting engagement of Global Businesses and Functions everywhere HSBC does business that drives a global up-lift in cybersecurity awareness helping to “tell the story” of HSBC Cybersecurity efforts

  • Collaborate with various layers of management across Cybersecurity and other IT teams to develop solutions that protect the organization

  • Must be able to represent the SIEM team to senior managers, business representatives and risk functions and discuss the issues, challenges and progress of the work at an appropriate level for the target population

  • Design and drive the implementation of service offerings, capability uplifts, and process improvements to protect the bank from a continuously changing threat landscape

  • The Governance Lead must review mechanisms used to feed system logs into the Command Center collection host(s) and ensure logs are transmitted using verified, secure industry methods and standards outlined within the Event Logging and Monitoring Operating Instructions

Our requirements

  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one

  • An ability to perform independent analysis of complex problems and distill relevant findings and root causes

  • Proven ability and experience of working in a high-pressure, fast paced environment where bold, time critical decision making is essential

  • Proven experience in Logging frameworks, Enterprise level support across a global function

  • Ability to orchestrate, manage and successfully implement major procedural and technological change within a complex, global organization

  • Configure and maintain heterogeneous Splunk environments and in-depth knowledge of log analysis generated by various systems including security products such as LDAP Directories, Application Servers, Web servers and HTTP methodologies

  • Architecture various components within Splunk (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, Parsing, Indexing, searching concepts, Hot, Warm, Cold, Frozen bucketing, License model

  • Helping application teams in on-boarding Splunk and creating dashboards, alerts, and reports

  • Develop custom app configurations (deployment-apps) within Splunk in order to parse and index multiple types of log format across all application environments

  • Deployment of Splunk family of software to support log retention, aggregation and analysis requirements, including: Splunk scalability, capacity planning, distributed setup, Search Head Clustering, Index Clustering and performance specifications

  • Perform installation, configuration management, capacity planning, license management, data integration, data transformation, field extraction, event parsing, data preview and application management of Splunk

  • Develop, implement and document configuration standards, policies, and procedures for operating, managing and ensuring the security of the Splunk infrastructure

  • Participate in incident, problem, and change management process related to Splunk

  • Work closely with Linux and Windows server administration teams to diagnose and resolve configuration issues

  • Be well versed in Splunk technology, implementation of best practices and have a working knowledge in the variety of architectural variations of the Splunk product

  • Experience with Splunk deployment in the cloud (AWS, GCP or Azure)

  • Hands on experience with Enterprise Applications

  • Hands on experience with Security Tools such as IDS/IPS, AV, Endpoint management

  • Hands on experience with Virtualization Technology such as VMWare

  • Scripting/Programming experience with Python, Perl, PowerShell or Bash

  • Security Information Event Management (SIEM)

  • 8+ years of experience with deep technical expertise and strong leadership supporting enterprise level SIEM technology and logging frameworks

  • Formal education and advanced degree in Information Security, Cyber-security, Computer Science or similar and/or commensurate demonstrated work experience in the same

What we offer

  • Contact with top IT technologies available in the market;

  • Employees’ benefits: Multisport Card, private medical and dental health care, life insurance;

  • Free parking space for our employees – a few minutes from the office;

  • Internal training events and workshops;

  • Realistic career progression opportunities in an international organization;

  • Casual dress code;

  • Cultural exchange.

  • Remote work possible after Covid-19 (up to individual discussion with hiring manager).

Benefits

  • sharing the costs of sports activities

  • private medical care

  • sharing the costs of foreign language classes

  • sharing the costs of professional training & courses

  • life insurance

  • remote work opportunities

  • flexible working time

  • integration events

  • corporate sports team

  • doctor’s duty hours in the office

  • retirement pension plan

  • corporate library

  • no dress code

  • video games at work

  • coffee / tea

  • parking space for employees

  • leisure zone

  • extra social benefits

  • employee referral program

  • opportunity to obtain permits and licenses

  • charity initiatives

  • family picnics

  • extra leave

Recruitment stages

Phone interview


Online assessment


Zoom interview


Welcome to HSBC!

HSBC Service Delivery (Polska) Sp. z o.o.

HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 64 countries and territories.

HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.

Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.
