HSBC Group

• Supporting the technical development, implementation and maintenance of a technology and log ingestion framework that aligns to control requirements and supports a cyber-threat intelligence led approach to the detection, response and containment of cyber-threats.

• Supporting and maintaining the technical aspects of a flexible stakeholder engagement model that caters for both proactive and reactive collaboration and can rapidly adjust and reprioritise workloads in response to the changing threat-landscape.

• Contributing to the building and maintaining strong processes and collaborative working practices with supporting teams in Sustainable Cybersecurity Operations and the wider Global Cybersecurity Operations & Intelligence teams.

• Building relationships and engagements with the many technology and platform owner stakeholders.

• Successfully maintaining these relationships and delivering prioritised outcomes in an environment where relationships can be complex and priorities are often divergent.

• Maintaining governance across all Cyber Ops Integration activities and ensuring the creation, collection and processing of key data points to feed into relevant service reporting e.g. service delivery metrics, KPIs, KCIs, and performance dashboards.

• Supporting the development and maintenance of a functional strategy that supports continuous improvement and is aligned to the wider Sustainable Cybersecurity Operations and Global Cybersecurity Operations & Intelligence strategy and goals.

• Knowledge and demonstrated experience of common cybersecurity technologies such as; IDS / IPS / HIPS, AV, EDR, Firewalls, Proxies etc.

• Knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suits.

• Excellent knowledge of common enterprise technology infrastructure, platforms and tooling, including; Windows, Linux, infrastructure management and networking hardware.

• Some technical experience of 3rd party cloud computing platforms such as AWS, Azure and Google their associated security tooling/platforms.

• Knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.   

• Knowledge and demonstrated experience of common log management suites, Security Information and Event Management (SIEM) tools such as Splunk Enterprise Security or Microsoft Sentinel.  Knowledge of cloud based “data lake” solutions used for the collection and real-time advanced analysis of security information.

• Ability to identify, develop and track key performance indicator (KPI) and key control indicator (KCI) metrics for accurate and contextual evaluation of operational effectiveness as well as providing recommendations for control improvement and mitigating control adjustments.

• Good knowledge of intelligence analysis principles either though formal education / training or equivalent professional experience.  

• Competitive salary

• Annual performance-based bonus

• Additional bonuses for recognition awards

• Multisport card

• Private medical care

• Life insurance

• One-time reimbursement of home office set-up (up to 800 PLN).

• Corporate parties & events

• CSR initiatives

• Financial support with trainings and education

• Nursery discounts

• Social fund

• Flexible working hours 

• Free parking

• Online behavioural test (for external candidates)

• Telephone screen (for external candidates)

• Job interview with the hiring manager