Cybersecurity Lead Analyst

Global Cybersecurity Operations (GCO) provides coordinated "Network Defense" services responsible for detecting and responding to information and cybersecurity threats globally, managed by the Head of Global Cybersecurity Operations. The role is within HSBC Technology Poland, located in Kraków, Poland.

• Understanding of organisational mission, values, and goals with consistent application and highest ethical standards.
• Experience defining and refining operational procedures, workflows, and processes for monitoring and detection.
• Good understanding of cyber security frameworks, standards, and methodologies including OWASP, ISO2700x, CIST, NIST.
• Knowledge of network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP.
• Technical expertise in analysing threat event data, evaluating malicious activity, and identifying attacker tactics.
• Experience with log management suites and Security Information and Event Management (SIEM) tools.
• Use of Big Data and Cloud-based solutions for real-time security information analysis.
• Knowledge of cybersecurity technologies including IDS/IPS/HIPS, anti-malware, firewalls, proxies, MSS.
• Experience with operating systems and platforms such as Windows, Linux, UNIX, Oracle, Citrix, GSX Server, iOS, OSX.
• Functional knowledge and technical experience with cloud platforms AWS, Azure, and Google.
• Basic knowledge of cybersecurity incident response and forensic investigation tools such as EnCase, FTK, Sleuthkit, Kali Linux, IDA Pro.

• Reviewing and approving new Use Cases and Playbooks created by Cybersecurity colleagues.
• Continuously reviewing the effectiveness of analysis playbooks, processes, and tooling.
• Applying structured analytical methodologies to maximise threat intelligence growth and service efficacy.
• Supporting the triage of potentially malicious events to determine severity and criticality.
• Providing expert-level advice and technical leadership to the team.
• Driving the evolution of hunting, monitoring, detection, analysis, and response capabilities and processes.
• Training, developing, mentoring, and inspiring cybersecurity colleagues in areas of specialism.
• Collaborating with wider Cybersecurity and IT teams to ensure technological capabilities remain fit for purpose.
• Identifying processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources.