Cyber Security SOC lead/ Senior Consultant Specialist

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

We are currently seeking an experienced professional to join our team in the role of Cyber Security SOC lead/ Senior Consultant Specialist.

In this role, you will:

• Work as a senior member of the Monitoring and Threat Detection team within an “Analysis POD” tasked with triage of threat detection events from across the entire global HSBC technology estate.
• Collaborate with colleagues across Threat Detection and Incident Management areas to ensure a rapid and focussed identification and escalation of potential threat events.
• Provide support into Incident Response actions, providing SME knowledge to ensure continuity and depth of investigation.
• Involvement in “Purple Team” and Threat Simulation activities, ensuring that the detection capability is accurately assessed and validated.
• Collaborate with the Threat Hunters on hypothesis driven threat hunt and advanced data analysis.
• Apply structured analytical techniques and critical thinking to ensure consistent triage of threat events.
• Contribute to post-incident reviews, ensuring that output is captured and use to continually improve detection posture.
• Provide quality assurance and oversight to investigation tickets, ensuring that ideas for improvement and training are captured in an objective manner.
• Provide expert-level advice and technical leadership to the team, driving the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes.
• Train, develop, mentor, and inspire cybersecurity colleagues in area(s) of specialism.
• Review technical threat intelligence reports and apply detailed analysis of Indicators of Attack to ensure that we are able to defend against similar threats.
• Identifying new SIEM detection use cases, taking end-to-end ownership of the delivery including testing, triage documentation and training requirements.
• Identify processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources, reducing manual repetitive tasks where possible.

To be successful in this role, you should meet the following requirements:

• Excellent investigative skills, insatiable curiosity, and an innate drive to win.
• Good understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including MITRE ATT&CK, OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
• Expert level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques, and procedures to inform adjustments to the control plane.
• Expert level of knowledge and demonstrated experience of common Security Information and Event Management (SIEM) platforms for the collection and real-time analysis of security information.
• Expert level knowledge of Enterprise Detect and Response (EDR) tooling for the identification, prevention, and detection of cyber-threats and for use in triage, investigation, and threat hunting.
• Detailed knowledge and demonstrated experience of common cybersecurity technologies such as IDS / IPS / HIPS, Advanced Anti-malware prevention and analysis, Firewalls, Proxies, MSS, etc.
• Excellent knowledge and demonstrated experience of common operating systems and end user platforms to include Windows, Linux, Citrix, ESX, OSX, etc.
• Excellent knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suits.
• Good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation, and remediation.
• Functional knowledge of Security Orchestration Automation and Response (SOAR) platforms including development and implementation of automation routines.
• Functional knowledge and technical experience of cloud computing platforms such as AWS, Azure, and Google.

You’ll achieve more when you join HSBC.

www.hsbc.com/careers

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued by – HSBC Software Development India