Job description
Job Title: Principal Cloud Security Analyst
Big Bank Funding. FinTech Thinking.
Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.
Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.
Role Description:
Sitting within the Monitoring and Threat Detection sub-function, the ‘Principal Cloud Security Analyst’ role is primarily charged with proactively leading the identification, development and implementation of intelligence-led cyber-threat detection and incident response capabilities across the global cloud platforms and technologies utilised by the HSBC global businesses and functions.
Responsibilities:
- Supporting the Head of Cloud Security mission by leading the development, management and maintenance of intelligence and risk led threat detection capabilities across the entire global HSBC Cloud hosted technology and information estate.
- Defining and implementing processes to support the rapid detection of and response to harmful behaviours and events in coordination with the Cybersecurity Incident Management and Response Team, effectively containing, mitigating and remediating more serious incidents.
- Identifying, developing and implementing new cyber-threat detection rules (use cases) and mitigations (playbooks) across the Cloud focussed security platforms and prioritising the use of automation and orchestration opportunities.
- Reviewing and approving new use cases and playbooks created by Cybersecurity colleagues.
- Continuously reviewing the effectiveness of analysis playbooks, processes, and tooling.
- Providing subject matter expert leadership, vision and technical direction to the team and driving the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes.
- Communicating new use cases (go-live, demise, tuning), to the cybersecurity operations teams, supporting the Cybersecurity Cloud Security Manager in ensuring all teams are prepared to take on the additional workload and have sufficient tools, training and the capability to do so effectively.
- Proactively researching emerging threats and vulnerabilities to aid in the identification of cyber incidents.
- Supporting the Watch Commander during shift handovers, ensuring all global team members are ready to manage ongoing incidents.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Developed external peer network for sharing intelligence.
- An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
- Experience defining and refining operational procedures, workflows and processes to support the team in consistent, quality execution of monitoring and detection.
- Good understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and laws.
- Technical expertise in analysing threat event data, evaluating malicious activity, documenting unusual files and data and identifying tactics, techniques and procedures used by attackers.
- Expert level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques and procedures in order to inform adjustments to the control plane.
- Expert level of knowledge and demonstrated experience of common log management suites, Security Information and Event Management (SIEM) tools for the collection and real-time analysis of security information.
- Expert level knowledge of one or more leading Cloud platforms including Microsoft Azure, Amazon Web Services, Google Cloud Platform and Alibaba Cloud.
- Experience within an enterprise scale organisation, including hands-on experience of complex data centre environments, preferably in the finance or similarly regulated sector.
The role will be based in Sheffield. This role supports Hybrid working.
Come Power a Business that Defines How to Power the World
HSBC is committed to being an inclusive employer and providing an inclusive and accessible recruitment process for all. We will provide reasonable adjustments to remove any disadvantage to you being considered for this role. We are proud members of the Disability Confident Scheme, and will offer an interview to disabled candidates who meet the minimum criteria for the role. If you would like to receive any information in a different way or would like us to do anything differently to help you