CybersecurityOpen positions:1Role Title: Lead AnalystGlobal Career Band: 5Location : Hyderabad /IndiaRecruiter Name : DilipSome careers have more impact than others.
If you're looking for a career where you can make a real impression, join HSBC and discover how valued you'll be.
HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.
We are currently seeking an experienced professional to join our team in the role of Lead AnalystPrincipal responsibilitiesJob Purpose
Global Cybersecurity Operations (GCO) provides a coordinated suite of 'Network Defence' services responsible for detecting and responding to information and cybersecurity threats to HSBC assets across the globe and is under the management of the Head of Global Cybersecurity Operations. This includes dedicated functions for the monitoring and detection of threats within the global estate as well as Cybersecurity Incident Management and Response activities. These two principal functions are supported by additional internal GCO capabilities in; Cyber Intelligence and Threat Analysis, Security Sciences and Client Engagement and Support Services. Critical to the success of GCO is it close partnership with sister Cybersecurity teams, IT Infrastructure Delivery and Global Business and Function clients. The overall GCO mission is placed under the purview of the Group Chief Information Security Officer (CISO).
The Cybersecurity Monitoring and Threat Detection Team are charged with efficiently and effectively monitoring the HSBC global technology and information estate 24x7. The team's mission is to detect the presence of any adversary within the estate, quickly analyse the severity and scope of the issue and work with the Cybersecurity Incident Management and Response Team to contain, mitigate and remediate the incursion. In addition, the team is responsible for constantly improving its detection capability through attack analysis and ensuring that the appropriate security event information is being fed into the team and that the alerting rules are tuned for maximum effectiveness. This mission is critical to the protection of HSBC customers, the HSBC brand, shareholder value, as well as HSBC information and financial assets.
Lead Analysts are responsible for leading the analysis of and supporting the response to cyber security incidents within HSBC, using the latest threat monitoring and detection technologies to detect, analyse and respond.
The Lead Analyst is accountable for:
- Responding to alerts from across the entire global HSBC technology and information estate to quickly detect harmful behaviours and events, containing, mitigating and remediating minor incidents and in coordination with the Cybersecurity Incident Management and Response Team, effectively containing, mitigating and remediating more serious events.
- Supporting cyber security incidents through to eradication and feed in to the Post Incident Review process that delivers detailed analysis on the root cause of incidents investigated and produces findings and recommendations that support control adjustments to better protect the bank.
- Identifying, developing and implementing new detections (Use cases) and mitigations (Playbooks) across the security platforms.
- Reviewing and approving new Use Cases and Playbooks created by Cybersecurity colleagues.
- Continuously reviewing the effectiveness of analysis playbooks, processes, and tooling.
- Communicating new use cases (go-live, demise, tuning), to the cybersecurity operations teams, supporting the Cybersecurity Operations Manager in ensuring all teams are prepared to take on the additional workload and have sufficient tools, training and capability to do so effectively.
- Researching emerging threats and vulnerabilities to aid in the identification of cyber incidents.
- Applying structured analytical methodologies to maximise threat intelligence growth and service efficacy.
- Supporting the Watch Commander during shift handovers, ensuring all team members are ready to manage ongoing incidents.
- Supporting the triage of potentially malicious events to determine severity and criticality of the event.
- Provide expert-level advice and technical leadership to the team, driving the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes.
- Train, develop, mentor and inspire cybersecurity colleagues in area(s) of specialism.
- Collaborate with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose.
- Identify processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources.
- Promote a 'self-critical' and continuous assessment and improvement culture whereby identification of weaknesses in the bank's control plane (people, process and technology) are brought to light and addressed in an effective and timely manner.
- Support engagement in support of HSBC Global Businesses and Functions to drive a global up-lift in cyber-security awareness and help to evangelise HSBC Cybersecurity efforts and success.
Principal Accountabilities: key activities and decision making areasImpact on the Business/Function
Customers / Stakeholders
- Develop the Global Cybersecurity Operations monitoring and detection capability, engaging with colleagues across Cybersecurity, IT functions and the global businesses to drive and deliver sustainable threat monitoring and detection in line with accepted industry standards, best-practice and company strategies.
- Support business performance through clear thinking and the application of security focussed knowledge and experience whilst working under pressure in a time-critical, fast paced environment.
- Deliver sustainable business outcomes:
- Work closely with peers and business leads to build and implement controls in alignment with the threat-landscape, risk-posture, architectural constraints, company strategic direction and industry trends and best practices.
- Continually review processes and controls to ensure that when required, capability is re-factored to meet evolving security, compliance and business needs.
- Drive to deliver the highest standards and outcomes, inspiring others to do the same. Focus on medium and long term goals even when under pressure or facing uncertainty. Manage expectations, results and impact of agreed outcomes, thinking ahead to identify and overcome potential issues.
- Strategically develop and adopt innovative approaches to problem solving in order to gain performance and efficiency advantage, taking calculated, entrepreneurial risks to achieve security-aware, business and strategy aligned outcomes.
- Contributes to a customer-focused and collaborative culture by championing customer and stake-holder engagement throughout the team.
- Demonstrates an understanding of customer and stakeholder requirements by providing specialist input and knowledge and having a detailed understanding of the different short and long term shifts in business/function patterns of activity and demand.
- Understands and interprets developments and changes in future business requirement and ensures the appropriate reaction and response through discourse and the implementation of relevant, security focussed, technical and procedural solutions.
Strengthens stakeholder relationships and enhances key relationships using rapport-building expertise and appropriate influencing skills to add and increase stakeholder advocacy. Key relationships to include colleagues across the other Cybersecurity functions and external peers in the cyber security community, along with other regional counterparts across the globe, Cultivate strong relationships with organisationally important global and/or high value stakeholders with a tailored approach.Leadership & Teamwork
- Actively promotes and participates in a learning culture, encouraging collaboration and cross-functional working to assist in the development and nurturing of teams and to assist in the identification and growth of talent.
- Actively seeks to engage a diverse group of stakeholders internally and externally to ensure a balanced influence and achievement of best outcomes for all.
- Builds rapport and mutual understanding to communicate and create opportunities for cross-business and global working. Encourages debate and open discussion. Builds sustainable relationships beyond transactional levels to build better understanding of mutual benefits.
Acts as an effective coach and mentor. Contributes to the establishment of good coaching and mentoring practices throughout the team and across the wider GCO department.Operational Effectiveness & Control:
- Governs risk responsibly. Promotes effective, efficient and proportionate management of risk across regions, business areas and within their area of responsibility.
- Implements changes in policy and governance effectively, reinforcing risk processes within their area of responsibility.
- Maintains a risk aware culture. Shows integrity whilst promoting and managing relevant threat hunting requirements within their team.
- Embeds efficient risk and compliance processes and procedures into business as usual practices.
- Builds collaborative relationships, defines and articulates to stakeholders the targeted benefits for a change intervention.
- Demonstrates effective financial skills to develop a detailed business case, including investments, detailed benefits (financial, non-financial and strategic) and link to overall finances of the business.
- Excellent investigative skills, insatiable curiosity and an innate drive to win.
- Instinctive and creative, with an ability to think like the enemy.
- Strong problem-solving and trouble-shooting skills.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Developed external peer network for sharing intelligence
- An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
- An understanding of organisational mission, values and goals and consistent application of this knowledge.
- Self-motivated and possessing of a high sense of urgency and personal integrity.
- Highest ethical standards and values.
- Experience defining and refining operational procedures, workflows and processes to support the team in consistent, quality execution of monitoring and detection.
- Good understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and laws.
- Good understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including; OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
- Good communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
- Ability to speak, read and write in English, in addition to your local language.
Industry Experience and Qualifications
- Technical expertise in analysing threat event data, evaluating malicious activity, documenting unusual files and data and identifying tactics, techniques and procedures used by attackers.
- Expert level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques and procedures in order to inform adjustments to the control plane.
- Expert level of knowledge and demonstrated experience of common log management suites, Security Information and Event Management (SIEM) tools, use of 'Big Data' and Cloud-based solution for the collection and real-time analysis of security information.
- Detailed knowledge and demonstrated experience of common cybersecurity technologies such as; IDS / IPS / HIPS, Advanced Anti-malware prevention and analysis, Firewalls, Proxies, MSS, etc.
- Excellent knowledge and demonstrated experience of common operating systems and platforms to include Windows, Linux, UNIX, Oracle, Citrix, GSX Server, iOS, OSX, etc.
- Excellent knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suits.
- Good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.
- Good knowledge of key information risk management and security related standards including OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines and NIST standards.
- Functional knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems.
- Functional knowledge and technical experience of 3rd party cloud computing platforms such as AWS, Azure and Google.
- Basic knowledge and demonstrated experience in common cybersecurity incident response and forensic investigation tools such as: EnCase, FTK, Sleuthkit, Kali Linux, IDA Pro, etc.
Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:
You'll achieve more when you join HSBC.
- 5+ years of experience in cyber security senior analyst role or similar.
- Experience within an enterprise scale organisation; including hands-on experience of complex data centre environments, preferably in the finance or similarly regulated sector.
- Industry recognised cyber security related certifications including; CEH, EnCE, SANS GSEC, GCIH, GCIA and/or CISSP.
- Formal education and advanced degree in Information Security, Cyber-security, Computer Science or similar and/or commensurate demonstrated work experience in the same.
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.'
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.***Issued By HSBC Software Development Centre***