9 days ago




Big BankFunding. FinTech Thinking.

Our technology teams in theUK work closely with HSBC’s global businesses to help design and build digitalservices that allow our millions of customers around the world, to bankquickly, simply and securely. We also run and manage our IT infrastructure,data centres and core banking systems that power the world’s leadinginternational bank.

Our multi-disciplined teamsinclude: DevOps engineers, IT architects, front and back end developers,infrastructure specialists, cyber experts, as well as project and programmemanagers.

We work in small, agileDevOps teams with colleagues around the world from our offices at the BluefinBuilding in Southwark, our global headquarters in Canary Wharf, and multipleother locations around the UK including Sheffield, Leeds, Barnsley andBirmingham.

Following extensiveinvestment across our Technology and Digital domains and with plans forcontinued expansion throughout 2020 and beyond, we are currently seeking anumber of Security Analysts to join HSBC Technology.

Business Area Overview
  • Global Cybersecurity Operations (GCO) provides a coordinated suite of“Network Defence” services responsible for detecting and responding toinformation and cybersecurity threats to HSBC assets across the globe and isunder the management of the Head of Global Cybersecurity Operations. Thisincludes dedicated functions for the monitoring and detection of threats withinthe global estate as well as Cybersecurity Incident Management and Responseactivities. These two principalfunctions are supported by additional internal GCO capabilities in; CyberIntelligence and Threat Analysis, Security Sciences and Client Engagement andSupport Services. Critical to the successof GCO is it close partnership with sister Cybersecurity teams, ITInfrastructure Delivery and Global Business and Function clients. The overallGCO mission is placed under the purview of the Group Chief Information SecurityOfficer (CISO).
  • The Cybersecurity Monitoring and Threat Detection Team are charged withefficiently and effectively monitoring the HSBC global technology andinformation estate 24x7. The team’smission is to detect the presence of any adversary within the estate, quicklyanalyse the severity and scope of the issue and work with the CybersecurityIncident Management and Response Team to contain, mitigate and remediate theincursion. In addition, the team isresponsible for constantly improving its detection capability through attackanalysis and ensuring that the appropriate security event information is beingfed into the team and that the alerting rules are tuned for maximumeffectiveness. This mission is criticalto the protection of HSBC customers, the HSBC brand, shareholder value, as wellas HSBC information and financial assets.
  • Analysts are responsible for monitoring multiple HSBC networkssimultaneously using the latest threat detection technologies to detect,analyse and respond to cyber security incidents. The Analyst will followdetailed processes and procedures to identify and analyse these incidents,escalating to and supporting more senior analysts based on the severity andpotential impact of the incident.
What you will be doing;
  • Monitoring the entire global HSBC technology and information estate fornew attacks and log them to appropriate systems.
  • Triaging potentially malicious events to determine severity andcriticality of the event.
  • Responding to alerts from the various monitoring/detection systems and platformswithin defined SLAs.
  • Following detailed processes and procedures to analyse, respond toand/or escalate cyber security incidents.
  • Supporting cyber security incidents through to eradication and feedbacklessons learned, in to improved cyber resilience.
  • Analysing network traffic using a variety of analysis tools.
  • Monitoring security appliance health and perform basic troubleshootingof security devices; notify security engineering as necessary formalfunctioning equipment.
  • Analysing malicious artefacts obtained from network monitoring with afocus on generation of threat intelligence and service improvement.
  • Identifying and developing new ideas to enhance our detectioncapability (Use cases) and mitigations (Playbooks) across the securityplatforms.
  • Reviewing and validating new Use Cases and Playbooks created byCybersecurity colleagues.
  • Researching emerging threats and vulnerabilities to aid in theidentification of cyber incidents.
  • Applying structured analytical methodologies to maximise threat intelligencegrowth and service efficacy.
  • Supporting handovers to other teams and countries at the start and endof the working shift.
  • Contributing to the continued evolution of hunting, monitoring,detection, analysis and response capabilities and processes.
  • Training, developing and mentoring colleagues in area(s) of specialism.
  • Collaborating with the wider Cybersecurity (and IT) teams to ensurethat the core, underlying technological capabilities that underpin an effectiveand efficient operational response to current and anticipated threats andtrends remain fit for purpose.
  • Identifying processes that can be automated and orchestrated to ensuremaximum efficiency of Global Cybersecurity Operations resources.
  • Promoting a “self-critical” and continuous assessment and improvementculture whereby identification of weaknesses in the bank’s control plane(people, process and technology) are brought to light and addressed in aneffective and timely manner.
  • Supporting engagement in support of HSBC Global Businesses andFunctions to drive a global up-lift in cyber-security awareness and help toevangelise HSBC Cybersecurity efforts and success.


Whatyou will bring to the role;

  • Knowledge of cyber security principles, global financial servicesbusiness models, regional compliance regulations and laws.
  • Good understanding and knowledge of common industry cyber securityframeworks, standards and methodologies, including; OWASP, ISO2700x series, PCIDSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NISTstandards.
  • Experience analysing logs for indicators of compromise, collected fromvarious network monitoring devices such as firewalls, IDS/IPS, web proxies,email filters, etc.
  • Excellent knowledge and demonstrated experience of common log managementsuites, Security Information and Event Management (SIEM) tools, use of “BigData” and Cloud-based solution for the collection and real-time analysis ofsecurity information.
  • Good knowledge and demonstrated experience of common cybersecuritytechnologies such as; IDS / IPS / HIPS, Advanced Anti-malware prevention andanalysis, Firewalls, Proxies, MSS, etc.
  • Good knowledge and demonstrated experience of common operating systemsand platforms to include Windows, Linux, UNIX, Oracle, Citrix, GSX Server, iOS,OSX, etc.
  • Good knowledge of common network protocols such as TCP, UDP, DNS, DHCP,IPSEC, HTTP, etc. and network protocol analysis suites.
  • Good knowledge and demonstrated experience in incident response tools,techniques and process for effective threat containment, mitigation andremediation.
  • Good knowledge of key information risk management and security relatedstandards including OWASP, ISO2700x series, PCI DSS, GLBA, EU data security andprivacy acts, FFIEC guidelines and NIST standards
  • Functional knowledge of scripting, programming and/or development ofbespoke tooling or solutions to solve unique problems.
  • Functional knowledge and technical experience of 3rd party cloudcomputing platforms such as AWS, Azure and Google.
  • Basic knowledge and demonstrated experience in common cybersecurityincident response and forensic investigation tools such as: EnCase, FTK,Sleuthkit, Kali Linux, IDA Pro, etc.

This role will be Sheffieldbased but some travel may be required.

Come Power aBusiness that Defines How to Power the World

As a business operating inmarkets all around the world, we believe diversity brings benefits for ourcustomers, our business and our people. This is why HSBC UK is committed tobeing an inclusive employer and encourages applications from all suitablyqualified applicants irrespective of background, circumstances, age,disability, gender identity, ethnicity, religion or belief and sexualorientation.

We want everyone to be able to fulfil theirpotential which is why we provide a range of flexible working arrangements andfamily friendly policies.

As an HSBC employee in the UK, you will haveaccess to tailored professional development opportunities and a competitive payand benefits package. This includes private healthcare for all UK-basedemployees, enhanced maternity and adoption pay and support when you return towork, and a contributory pension scheme with a generous employer contribution.

Personal data held by the Bank relating toemployment applications will be used in accordance with our Privacy Statement,which is available on our website.