Job Advert Details



Some careers shine brighter than others
If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.


Your career opportunity:
The Cybersecurity Monitoring and Threat Detection Team are charged with efficiently and effectively monitoring the HSBC global technology and information estate 24x7.  The team’s mission is to detect the presence of any adversary within the estate, quickly analyse the severity and scope of the issue and work with the Cybersecurity Incident Management and Response Team to contain, mitigate and remediate the incursion.  In addition, the team is responsible for constantly improving its detection capability through attack analysis and ensuring that the appropriate security event information is being fed into the team and that the alerting rules are tuned for maximum effectiveness.  This mission is critical to the protection of HSBC customers, the HSBC brand, shareholder value, as well as HSBC information and financial assets.
Lead Cloud Security Analysts report into the Cloud Security Manager or Operations Manager and are responsible for leading the identification, analysis and response to cyber security incidents within HSBC, using the latest technologies to detect, analyse and respond


What you’ll do:
    • Developing, managing and maintaining intelligence and risk led threat detection capabilities across the entire global HSBC Cloud hosted technology and information estate to quickly detect and respond to harmful behaviours and events in coordination with the Cybersecurity Incident Management and Response Team, effectively containing, mitigating and remediating more serious incidents.
    • Identifying, developing and implementing new detections (Use Cases) and mitigations (Playbooks) across the Cloud focused security platforms and prioritising the use of automation and orchestration opportunities.
    • Managing and owning the relationship with the HSBC Cloud platform teams to support a collaborative and effective security focused partnership.
    • Reviewing and approving new Use Cases and Playbooks created by Cybersecurity colleagues.
    • Continuously reviewing the effectiveness of analysis playbooks, processes, and tooling.
    • Communicating new use cases (go-live, demise, tuning) to the cybersecurity operations teams, supporting the Cybersecurity Cloud Security Manager in ensuring all teams are prepared to take on the additional workload and have sufficient tools, training and the capability to do so effectively.
    • Proactively researching emerging threats and vulnerabilities to aid in the identification of cyber incidents.
    • Supporting the Crew Lead and Watch Commander during shift handovers, ensuring all team members are ready to manage ongoing incidents.


What you need to have to succeed in this role:
    • Technical expertise in analysing threat event data, evaluating malicious activity, documenting unusual files and data and identifying tactics, techniques and procedures used by attackers.
    • Experience in analysis and dissection of advanced attacker tactics, techniques and procedures in order to inform adjustments to the control plane.
    • Expert level of knowledge and demonstrated experience of common log management suites, Security Information and Event Management (SIEM) tools for the collection and real-time analysis of security information.
    • Expert level knowledge of Splunk and specifically writing SPL queries.
    • Expert level knowledge of one or more leading Cloud platforms including Microsoft Azure, Amazon Web Services, Google Cloud Platform and Alibaba Cloud.
    • Strong knowledge of security event logging, monitoring, detection and response on one or more of the leading Cloud platforms using tools and native capabilities such as AWS GuardDuty, Azure Sentinel, Google Security Command Center and Alibaba Cloud Security Center. Experience in writing KQL queries would be advantageous. 
    • Experience of common cybersecurity technologies such as IDS / IPS / HIPS, EDR, Advanced Anti-malware prevention and analysis, Firewalls, Proxies, WAF, etc.
    • Excellent knowledge and demonstrated experience of common operating systems and platforms to include Windows, Linux, UNIX, Citrix, GSX Server, iOS, OSX, etc.


What we offer:
    • Competitive salary
    • Annual performance-based bonus
    • Additional bonuses for recognition awards
    • Multisport card
    • Private medical care
    • Life insurance
    • One-time reimbursement of home office set-up (up to 800 PLN).
    • Corporate parties & events
    • CSR initiatives
    • Nursery discounts
    • Financial support with trainings and education
    • Social fund
    • Flexible working hours
    • Free parking


If your CV meets our criteria, you should expect the following steps in the recruitment process: 
    • Online behavioural test (for external candidates only) 
    • Telephone screen (for external candidates only) 
    • Job Interviews with the hiring manager


We are looking to hire as soon as possible so don’t wait and apply now! 
You'll achieve more when you join HSBC. 


We thank all interested candidates for their applications. We reserve the right to contact only selected candidates.


If you would like to withdraw from the recruitment process or withdraw an application you have previously sent to us, please email us at: krakow.recruitment@hsbc.com