Cybersecurity Analysis
Hang Seng
Azcapotzalco, Ciudad de México, Mexico, North America
hace 3 días

Descripción de puesto - Cybersecurity Analysis (0000FH6H)

Descripción de puesto


The health and safety of our employees and candidates is very important to us. Due to the current situation related to the Novel Coronavirus (2019-nCoV), we’re leveraging our digital capabilities to ensure we can continue to recruit top talent at the HSBC Group.

As your application progresses, you may be asked to use one of our digital tools to help you through your recruitment journey.

If so, one of our Resourcing colleagues will explain how our video-interviewing technology will be used throughout the recruitment process and will be on hand to answer any questions you might have.

Some careers have more impact than others.

If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories.

We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

We are currently seeking an experienced professional to join our team in the role of Analyst (GCO.

Principal responsibilities

Global Cybersecurity Operations (GCO) provides a coordinated suite of Network Defence services responsible for

detecting and responding to information and cybersecurity threats to HSBC assets across the globe and is under the

management of the Head of Global Cybersecurity Operations. This includes dedicated functions for the monitoring and

detection of threats within the global estate as well as Cybersecurity Incident Management and Response activities.

These two principal functions are supported by additional internal GCO capabilities in; Cyber Intelligence and Threat

Analysis, Security Sciences and Client Engagement and Support Services. Critical to the success of GCO is it close

partnership with sister Cybersecurity teams, IT Infrastructure Delivery and Global Business and Function clients. The

overall GCO mission is placed under the purview of the Group Chief Information Security Officer (CISO).

The Cybersecurity Monitoring and Threat Detection Team are charged with efficiently and effectively monitoring the HSBC

global technology and information estate 24x7. The team’s mission is to detect the presence of any adversary within the

estate, quickly analyse the severity and scope of the issue and work with the Cybersecurity Incident Management and

Response Team to contain, mitigate and remediate the incursion. In addition, the team is responsible for constantly

improving its detection capability through attack analysis and ensuring that the appropriate security event information is

being fed into the team and that the alerting rules are tuned for maximum effectiveness. This mission is critical to the

protection of HSBC customers, the HSBC brand, shareholder value, as well as HSBC information and financial assets.

Analysts are responsible for monitoring multiple HSBC networks simultaneously using the latest threat detection

technologies to detect, analyse and respond to cyber security incidents. The Analyst will follow detailed processes and

procedures to identify and analyse these incidents, escalating to and supporting more senior analysts based on the

severity and potential impact of the incident.

The primary responsibilities of the Analyst are :

Monitoring the entire global HSBC technology and information estate for new attacks and log them to appropriate


Triaging potentially malicious events to determine severity and criticality of the event.

Responding to alerts from the various monitoring / detection systems and platforms within defined SLAs.

Following detailed processes and procedures to analyse, respond to and / or escalate cyber security incidents.

Supporting cyber security incidents through to eradication and feedback lessons learned, in to improved cyber


Analysing network traffic using a variety of analysis tools.

Monitoring security appliance health and perform basic troubleshooting of security devices; notify security engineering

as necessary for malfunctioning equipment.

Analysing malicious artefacts obtained from network monitoring with a focus on generation of threat intelligence and

service improvement.

Identifying and developing new ideas to enhance our detection capability (Use cases) and mitigations (Playbooks)

across the security platforms.

Reviewing and validating new Use Cases and Playbooks created by Cybersecurity colleagues.

Researching emerging threats and vulnerabilities to aid in the identification of cyber incidents.

Applying structured analytical methodologies to maximise threat intelligence growth and service efficacy.

Supporting handovers to other teams and countries at the start and end of the working shift.

Contributing to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and


Training, developing and mentoring colleagues in area(s) of specialism.

Collaborating with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological

capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends

remain fit for purpose.

Identifying processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity

Operations resources.

Promoting a self-critical and continuous assessment and improvement culture whereby identification of weaknesses

in the bank’s control plane (people, process and technology) are brought to light and addressed in an effective and

timely manner.

Supporting engagement in support of HSBC Global Businesses and Functions to drive a global up-lift in cybersecurity awareness and help to evangelise HSBC Cybersecurity efforts and success.


Good investigative skills and insatiable curiosity.

Instinctive and creative, with an ability to think like the enemy.

Strong problem-solving and trouble-shooting skills.

Strong communication and interpersonal skills, with proven ability to communicate technical topics to diverse


Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions

and identify the most appropriate one.

Ability to learn quickly through hands on experience.

Experience defining and refining operational procedures, workflows and processes to support the team in consistent,

quality execution of monitoring and detection

An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the


An understanding of organisational mission, values and goals and consistent application of this knowledge.

Self-motivated and possessing of a high sense of urgency and personal integrity.

Highest ethical standards and values.

Knowledge of cyber security principles, global financial services business models, regional compliance regulations

and laws.

Good understanding and knowledge of common industry cyber security frameworks, standards and methodologies,

including; OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and

NIST standards.

Ability to speak, read and write in English, in addition to your local language.

Technical Skills

Experience analysing logs for indicators of compromise, collected from various network monitoring devices such as

firewalls, IDS / IPS, web proxies, email filters, etc.

Excellent knowledge and demonstrated experience of common log management suites, Security Information and

Event Management (SIEM) tools, use of Big Data and Cloud-based solution for the collection and real-time analysis

of security information.

Good knowledge and demonstrated experience of common cybersecurity technologies such as; IDS / IPS / HIPS,

Advanced Anti-malware prevention and analysis, Firewalls, Proxies, MSS, etc.

Good knowledge and demonstrated experience of common operating systems and platforms to include Windows,

Linux, UNIX, Oracle, Citrix, GSX Server, iOS, OSX, etc.

Good knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network

protocol analysis suites.

Good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat

containment, mitigation and remediation.

Good knowledge of key information risk management and security related standards including OWASP, ISO2700x

series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines and NIST standards

Functional knowledge of scripting, programming and / or development of bespoke tooling or solutions to solve unique


Functional knowledge and technical experience of 3rd party cloud computing platforms such as AWS, Azure and


Basic knowledge and demonstrated experience in common cybersecurity incident response and forensic investigation

tools such as : EnCase, FTK, Sleuthkit, Kali Linux, IDA Pro, etc.

Industry Experience and Qualifications

Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the

role, as described above. For reference, the typical work experience and educational background of candidates in this role

are as follows :

3+ years of experience in similar cyber security analyst role

Experience within an enterprise scale organisation; including hands-on experience of complex data centre

environments, preferably in the finance or similarly regulated sector

Industry recognised cyber security related certifications including; CEH, EnCE, SANS GSEC, GCIH, GCIA and / or


Formal education and advanced degree in Information Security, Cyber-security, Computer Science or similar and / or

commensurate demonstrated work experience in the same.

Due to the urgent hiring need, candidates with immediate right to work locally and no relocation need will be prioritised.

The chosen candidate for this role will be required to undergo enhanced vetting. Subject to local laws, this will require the individual to satisfactorily pass a series of additional checks as part of the recruitment process and on an ongoing basis, if appointed to the role.

HSBC Group reserves its position with regard to any steps which it may take in relation to any material adverse findings which arise either when the checks are originally completed, and / or if relevant, on an ongoing basis.

For more information about the enhanced vetting for this role please contact the recruiter for this role.

You’ll achieve more when you join HSBC.

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count.

We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment.

We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc.

We consider all applications based on merit and suitability to the role.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued By HSBC Electronic Data Processing (India) Private LTD

Ubicación principal

North America-Mexico-Ciudad de México-Azcapotzalco


Trabajo de díaTipo de vacante : Vacante del país

Anuncio de trabajo

07 / 04 / 2021, 20 : 33 : 40

Fecha de anulación de publicación

17 / 04 / 2021, 05 : 59 : 00

Reportar esta oferta

Thank you for reporting this job!

Your feedback will help us improve the quality of our services.

Mi Correo Electrónico
Al hacer clic en la opción "Continuar", doy mi consentimiento para que neuvoo procese mis datos de conformidad con lo establecido en su Política de privacidad . Puedo darme de baja o retirar mi autorización en cualquier momento.
Formulario de postulación