HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.
Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.
What you’ll be doing:
- Work as a senior member of the Monitoring and Threat Detection team within an “Analysis POD” tasked with triage of threat detection events from across the entire global HSBC technology estate.
- Collaborate with colleagues across Threat Detection and Incident Management areas to ensure a rapid and focussed identification and escalation of potential threat events.
- Provide support to Incident Response actions, providing SME knowledge to ensure continuity and depth of investigation.
- Involvement in “Purple Team” and Threat Simulation activities, ensuring that the detection capability is accurately assessed and validated.
- Collaborate with the Threat Hunters on hypothesis driven threat hunt and advanced data analysis.
- Apply structured analytical techniques and critical thinking to ensure consistent triage of threat events.
- Contribute to Post-Incident reviews, ensuring that output is captured and used to continually improve detection posture.
- Provide quality assurance and oversight to investigation tickets, ensuring that ideas for improvement and training are captured in an objective manner.
- Support the Crew Lead during shift handovers, ensuring effective operations 24x7x365.
- Provide expert-level advice and technical leadership to the team, driving the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes.
- Train, develop, mentor and inspire cybersecurity colleagues in area(s) of specialism.
- Review technical threat intelligence reports and apply detailed analysis of Indicators of Attack to ensure that we are able to defend against similar threats.
- Identify new SIEM detection use cases, taking end-to-end ownership of the delivery including testing, triage documentation and training requirements.
- Identify processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources, reducing manual repetitive tasks where possible.
You’re a great candidate if you have these:
- 5+ years of experience in a cyber security senior analyst role or similar.
- Experience within an enterprise scale organisation; including hands-on experience of complex data centre environments, preferably in the finance or similarly regulated sector.
- Industry recognised cyber security related certifications including: CEH, OSCP, EnCE, SANS GSEC, GCIH, GCIA, and/or CISSP.
- Technical expertise in analysing threat event data, evaluating malicious activity, documenting unusual files and data and identifying tactics, techniques and procedures used by attackers.
- Expert level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques and procedures in order to inform adjustments to the control plane.
- Expert level of knowledge and demonstrated experience of common Security Information and Event Management (SIEM) platforms for the collection and real-time analysis of security information.
- Expert level knowledge of Enterprise Detect and Response (EDR) tooling for the identification, prevention and detection of cyber-threats and for use in triage, investigation and threat hunting.
- Detailed knowledge and demonstrated experience of common cybersecurity technologies such as: IDS / IPS / HIPS, Advanced Anti-malware prevention and analysis, Firewalls, Proxies, MSS, etc.
- Excellent knowledge and demonstrated experience of common operating systems and end user platforms to include Windows, Linux, Citrix, ESX, OSX, etc.
- Excellent knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suites.
- Good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.
- Functional knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems.
- Functional knowledge of Security Orchestration Automation and Response (SOAR) platforms including development and implementation of automation routines.
- Functional knowledge and technical experience of cloud computing platforms such as AWS, Azure and Google.
- Basic knowledge and demonstrated experience in common cybersecurity incident response and forensic investigation tools such as: EnCase, FTK, Sleuthkit, Kali Linux, IDA Pro, etc.
- Formal education and advanced degree in Information Security, Cyber-security, Computer Science or similar and/or commensurate demonstrated work experience in the same.
- Good understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including: MITRE ATT&CK, OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
What you’ll get with us:
- Competitive salary
- Annual performance-based bonus
- Additional bonuses for recognition awards
- Multisport card
- Private medical care
- Life insurance
- One-time reimbursement of home office set-up (up to 800 PLN)
- Corporate parties & events
- CSR initiatives
- Nursery discounts
- Financial support with trainings and education
- Social fund
- Flexible working hours
- Free parking
You'll achieve more when you join HSBC.
If your CV meets our criteria, you should expect the following steps in the recruitment process:
- Online behavioural test
- Telephone screen
- Job interviews with the hiring managers
If you would like to withdraw from the recruitment process or withdraw an application previously sent to us, please email us at: [email protected].
- Posted: Oct 08, 2024
- Type: Full-time
- Level: Associate
- Location: Cracow
- Company: HSBC