Global Cybersecurity Operations (GCO) provides a coordinated suite of “Network Defence” services responsible for detecting and responding to information and cybersecurity threats to HSBC assets across the globe and is under the management of the Head of Global Cybersecurity Operations. This includes dedicated functions for the monitoring and detection of threats within the global estate as well as Cybersecurity Incident Management and Response activities. These two principal functions are supported by additional internal Global Defence (GD) capabilities in: Cyber Intelligence and Threat Analysis, Technical Director Office, Cybersecurity Engineering and Service Reliability Engineering. Critical to the success of GCO is its close partnership with sister Cybersecurity teams, IT Infrastructure Delivery and Global Business and Function clients. The overall GCO and GD mission is placed under the purview of the Cybersecurity Chief Technology Officer (CTO) and the Group Chief Information Security Officer (CISO).
The Cybersecurity Monitoring and Threat Detection Team are charged with efficiently and effectively monitoring the company's global technology and information estate 24x7. The team’s mission is to detect the presence of any adversary within the estate, quickly analyse the severity and scope of the issue and work with the Cybersecurity Incident Management and Response Team to contain, mitigate and remediate the incursion. In addition, the team is responsible for constantly improving its detection capability through attack analysis and ensuring that the appropriate security event information is being fed into the team and that the alerting rules are tuned for maximum effectiveness. This mission is critical to the protection of company's customers, the brand, shareholder value, as well as information and financial assets.

Lead Analysts are responsible for leading the analysis of and supporting the response to cybersecurity events within company, using the latest threat monitoring and detection technologies to detect, analyse and respond.

What you'll need to succeed

• Excellent investigative skills, insatiable curiosity and an innate drive to win.
• Instinctive and creative, with an ability to think like the enemy.
• Strong problem-solving and trouble-shooting skills.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
• An understanding of organisational mission, values and goals and consistent application of this knowledge.
• Self-motivated and possessing of a high sense of urgency and personal integrity.
• Highest ethical standards and values.
• Experience defining and refining operational procedures, workflows and processes to support the team in consistent, quality execution of monitoring and detection.
• Good understanding of HSBC cybersecurity principles, global financial services business models, regional compliance regulations and laws.
• Good understanding and knowledge of common industry cybersecurity frameworks, standards and methodologies, including; MITRE ATT&CK, OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
• Good communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
• Ability to speak, read and write in English, in addition to your local language.

Technical skills
• Technical expertise in analysing threat event data, evaluating malicious activity, documenting unusual files and data and identifying tactics, techniques and procedures used by attackers.
• Expert level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques and procedures in order to inform adjustments to the control plane.
• Expert level of knowledge and demonstrated experience of common Security Information and Event Management (SIEM) platforms for the collection and real-time analysis of security information.
• Expert level knowledge of Enterprise Detect and Response (EDR) tooling for the identification, prevention and detection of cyber-threats and for use in triage, investigation and threat hunting.
• Detailed knowledge and demonstrated experience of common cybersecurity technologies such as; IDS / IPS / HIPS, Advanced Anti-malware prevention and analysis, Firewalls, Proxies, MSS, etc.
• Excellent knowledge and demonstrated experience of common operating systems and end user platforms to include Windows, Linux, Citrix, ESX, OSX, etc.
• Excellent knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suits.
• Good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.
• Functional knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems.
• Functional knowledge of Security Orchestration Automation and Response (SOAR) platforms including development and implementation of automation routines.
• Functional knowledge and technical experience of cloud computing platforms such as AWS, Azure and Google.
• Basic knowledge and demonstrated experience in common cybersecurity incident response and forensic investigation tools such as: EnCase, FTK, Sleuthkit, Kali Linux, IDA Pro, etc.

What you'll get in return

•Competitive Salary
•Annual performance- based bonus
•Additional bonuses for recognition awards
•Multisport Card
•Private medical care
•Life Insurance
•One-Time reimbursement of home office set up (up to 800 PLN)
•Corporate parties and events
•CSR Initiatives
•Nursery and Kindergarten discounts
•Financial support with trainings and education
•Social Fund
•Flexible working hours
•Free parking

If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.

Hays Poland sp. z o.o. is an employment agency registered in a registry kept by Marshal of the Mazowieckie Voivodeship under the number 361.

#LI-DNI