Some careers shine brighter than others.
If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
Your career opportunity
We are currently seeking a high-calibre professional to join our team, with skills primarily focused on Cybersecurity Operations, SIEM/SOAR and experience of IDPS-specific solutions and tooling. This is an exciting opportunity to work within a dynamic, global team, and to support the bank’s ongoing transformation program to further build out and integrate the next generation of Network Security tools and capabilities.
The role will be within the Global Cybersecurity Operations and Intelligence (GCO&I) function, primarily focussed on the integration of high-quality IDPS security policy alerts into the Global Security Centre (SOC) via the Security Information & Event Management (SIEM) platform.
What you’ll do
• Collaboration with the IDPS Network Security Engineering (policy development and tuning) team.
• Analysing, reviewing and validating the quality and efficacy of IDPS policy alerting prior to ingestion into the SIEM logging pipeline.
• Collaboration with the Global Cybersecurity Operations team SMEs to design and implement robust, accurate and high-fidelity SIEM event/alert triggers based on tuned IDPS policy alerts.
• Produce and maintain documentation of all processes to support the establishment of an enduring capability and to aid the Threat Detection Analyst event triage.
• Perform gap analysis of the current baseline policy against the target policy and controls.
• Provide consultation and subject matter expertise to the Cybersecurity teams as required.
• Implement and maintain an effective KPI tracking process to demonstrate continued improvement and value in relation to the integration of IDPS alerting into the global SOC workflow.
• Remain up to date on current cyber-threats and vulnerabilities, especially network related issues that could have a direct influence on IDPS policies, rules and signatures.
What you need to have to succeed in this role
• 3+ years’ experience working with Splunk and/or the Splunk Enterprise Security SIEM platform.
• Experience working in an operational SOC and/or in developing cyber-threat detection rules / logic within a SIEM environment.
• Knowledge and experience working with SOAR platforms (e.g. Phantom or Splunk SOAR) advantageous.
• Demonstrable understanding of IDPS platforms and technologies (on-prem). (Knowledge of cloud native IDPS offerings advantageous).
• Knowledge and experience of working with WAF solutions (advantageous)
• Deep understanding of network protocols and traffic analysis: DNS/HTTP/SMB/FTP etc.
• Familiarity with regular expressions and proficiency in scripting languages such as Python (advantageous).
• Ability to build connections and work collaboratively across internal teams, external teams, and to proactively build successful and productive working relationships. Willingness to continuously learn and share learnings with others.
Nice to have
• Technical cybersecurity qualifications e.g. SANS GCIA an advantage.
What we offer
• Competitive salary
• Annual performance-based bonus
• Additional bonuses for recognition awards
• Multisport card
• Private medical care
• Life insurance
• One-time reimbursement of home office set-up (up to 800 PLN).
• Corporate parties & events
• CSR initiatives
• Nursery discounts
• Financial support with trainings and education
• Social fund
• Flexible working hours
• Free parking
If your CV meets our criteria, you should expect the following steps in the recruitment process:
• Online behavioural test (for external candidates only)
• Telephone screen (for external candidates only)
• Zoom interview with the hiring manager
We are looking to hire as soon as possible so don’t wait and apply now!
You'll achieve more when you join HSBC.