Our technology teams work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.
Our multi-disciplined teams include DevOps engineers, IT architects, front and back-end developers, infrastructure specialists, cyber experts, as well as project and programme managers.
We work in small, agile DevOps teams with colleagues around the world from our global headquarters in London, China, India and Jersey City in the US.
Following extensive investment across our Technology and Digital domains and with plans for continued expansion throughout 2023 and beyond, we are currently seeking a Senior Splunk Engineer to join HSBC Technology.
Business area overview
Global Cybersecurity Operations (GCO) provides a coordinated suite of “Network Defense” services responsible for detecting and responding to information and cybersecurity threats to HSBC assets across the globe.
The organization includes dedicated functions for systems engineering, content management and automation, monitoring and threat detection, as well as cybersecurity incident management and response activities.
What you will be doing
The Senior Splunk Engineer will be a member of the Global Cybersecurity Engineering team, responsible for the Splunk SIEM and SOAR platforms, along with other technology supporting Global Cybersecurity Operations. The team partners with IT Infrastructure teams in end-to-end deployment of security technologies across the firm.
The role involves the architectural design and technical support for SIEM and SOAR platform infrastructure (Splunk, Phantom and AWS). This includes system integration and interoperability, application components, systems programming, ingestion and normalization of security log sources, patches and upgrades, capacity planning, performance management and use case development.
The role requires an experienced systems engineer with strong technical leadership and collaboration skills. The ideal candidate will have significant experience in SIEM technologies, Linux and/or Windows system administration and cloud infrastructure (e.g. Splunk ES, Splunk SOAR, RHEL/AL2, Windows Server, AWS platform services, etc.).
Responsibilities will include (but not limited to):
· Engineering leadership and support for existing and future SIEM and SOAR technology (Splunk ES, Phantom, etc.)
· Leading the continued technical enhancement of security platforms
· Supporting the identification, development and implementation of new detections (use cases)
· Leading the continued evolution of automation and orchestration across the platform
· Training and developing other members of the Logging and Operations team as well as other members of the engineering function.
· Supporting a culture of individual self-improvement, whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cybersecurity more broadly, for example remaining up to date on the latest forensic techniques and tooling for strategically important platforms.
· Taking a leading role in the engagement of Global Businesses and Functions, driving global uplift in cybersecurity awareness.
· Collaborating with various layers of management across Cybersecurity and other IT teams to develop solutions that protect the organisation.
· Designing and driving the implementation of new service offerings, capability uplifts and process improvements to protect the bank in a continuously changing threat landscape.
To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:
· Technical expertise of enterprise-level SIEM technology and logging frameworks.
· Extensive experience in deploying, configuring, upgrading and administering Splunk clusters at scale.
· An ability to perform installation, configuration management, capacity planning, license management, data integration, data transformation, field extraction, event parsing, data preview and application management of Splunk.
· Scripting/Programming experience with Python, Bash, PowerShell.
· An ability to communicate complex and technical issues to diverse audiences.
· Self-motivated and possessing a high sense of urgency and personal integrity.
· A team-focused mentality with the proven ability to work effectively with diverse stakeholders.
· Ability to orchestrate, manage and successfully implement major procedural and technological change within a complex, global organization.
· Formal education and advanced degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same fields.
Bonus points for:
· Experience with Splunk deployment and management in AWS.
This role is based in Hyderabad, India.
Come Power a Business that Defines How to Power the World
As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC UK is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation.
We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies.
As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.