Talent.com
SOC Threat Lead
SOC Threat LeadHSBC • Ciudad de México, Mexico
SOC Threat Lead

SOC Threat Lead

HSBC • Ciudad de México, Mexico
Hace 18 días
Descripción del trabajo

If you’re looking for a career where you can make a real impression, join Global Service Center (GSC) HSBC and discover how valued you’ll be. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

SOC Threat Lead

Role Purpose

  • Operating within the Cybersecurity Global Defence function and under the management of the Global Head of Cybersecurity Operations, the Global Cybersecurity Operations (GCO) team provides a coordinated suite of “Network Defence” related services and are responsible for the detection and response to information and cybersecurity threats across the global HSBC assets and estate.
  • The GCO team is split into four distinct sub-functions :
  • Monitoring & Threat Detection (MTD) – Monitoring, detection, alerting and triage of initial cyber‑threat events.
  • Incident Management & Response (IMR) – Management and deep‑dive investigation and response to cyber‑incidents.
  • Information Protection & Response (IPR) – Management and response to information and data security incidents.
  • Strategic Innovation & Operations (SIO) – Continuous improvement of cyber‑threat detection capabilities and process automation.
  • Critical to the success of GCO are its close partnerships with other Cybersecurity Global Defence teams including Cybersecurity Engineering, Service Reliability Engineering, Cyber Intelligence & Threat Analysis teams and the wider HSBC businesses and functions.
  • The overall GCO mission is placed under the purview of the Cybersecurity Chief Technology Officer / Head of Cybersecurity Global Defence.

Main Activities

  • Lead Analyst (GCO)
  • Global Cybersecurity Operations (GCO) provides a coordinated suite of “Network Defence” services responsible for detecting and responding to information and cybersecurity threats to HSBC assets across the globe and is under the management of the Head of Global Cybersecurity Operations. This includes dedicated functions for the monitoring and detection of threats within the global estate as well as Cybersecurity Incident Management and Response activities. These two principal functions are supported by additional internal Global Defence (GD) capabilities in : Cyber Intelligence and Threat Analysis, Technical Director Office, Cybersecurity Engineering and Service Reliability Engineering. Critical to the success of GCO is its close partnership with sister Cybersecurity teams, IT Infrastructure Delivery and Global Business and Function clients. The overall GCO and GD mission is placed under the purview of the Cybersecurity Chief Technology Officer (CTO) and the Group Chief Information Security Officer (CISO).
  • The Cybersecurity Monitoring and Threat Detection Team are charged with efficiently and effectively monitoring the HSBC global technology and information estate 24x7. The team’s mission is to detect the presence of any adversary within the estate, quickly analyse the severity and scope of the issue and work with the Cybersecurity Incident Management and Response Team to contain, mitigate and remediate the incursion. In addition, the team is responsible for constantly improving its detection capability through attack analysis and ensuring that the appropriate security event information is being fed into the team and that the alerting rules are tuned for maximum effectiveness. This mission is critical to the protection of HSBC customers, the HSBC brand, shareholder value, as well as HSBC information and financial assets.
  • Lead Analysts are responsible for leading the analysis of and supporting the response to cyber security events within HSBC, using the latest threat monitoring and detection technologies to detect, analyse and respond.

    • The Lead Analyst Must

  • Work as a senior member of the Monitoring and Threat Detection team within an “Analysis POD” tasked with triage of threat detection events from across the entire global HSBC technology estate.

    • Skills

  • Excellent investigative skills, insatiable curiosity, and an innate drive to win.
  • Instinctive and creative, with an ability to think like the enemy.
  • Strong problem‑solving and trouble‑shooting skills.
  • Strong decision‑making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
  • An understanding of business needs and commitment to delivering high‑quality, prompt and efficient service to the business.
  • An understanding of organisational mission, values and goals and consistent application of this knowledge.
  • Self‑motivated and possessing a high sense of urgency and personal integrity.
  • Highest ethical standards and values.
  • Experience defining and refining operational procedures, workflows, and processes to support the team in consistent, quality execution of monitoring and detection.
  • Good understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and laws.
  • Good understanding and knowledge of common industry cyber security frameworks, standards, and methodologies, including MITRE ATT&CK, OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
  • Good communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
  • Ability to speak, read and write in English, in addition to your local language.

    • Technical Skills

  • Technical expertise in analysing threat event data, evaluating malicious activity, documenting unusual files and data, and identifying tactics, techniques and procedures used by attackers.
  • Expert level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques, and procedures to inform adjustments to the control plane.
  • Expert level of knowledge and demonstrated experience of common Security Information and Event Management (SIEM) platforms for the collection and real‑time analysis of security information.
  • Expert level knowledge of Enterprise Detect and Response (EDR) tooling for the identification, prevention, and detection of cyber‑threats and for use in triage, investigation, and threat hunting.
  • Detailed knowledge and demonstrated experience of common cybersecurity technologies such as; IDS / IPS / HIPS, Advanced Anti‑malware prevention and analysis, Firewalls, Proxies, MSS, etc.
  • Excellent knowledge and demonstrated experience of common operating systems and end user platforms to include Windows, Linux, Citrix, ESX, OSX, etc.
  • Excellent knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suits.
  • Good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.
  • Functional knowledge of scripting, programming and / or development of bespoke tooling or solutions to solve unique problems.
  • Functional knowledge of Security Orchestration Automation and Response (SOAR) platforms including development and implementation of automation routines.
  • Functional knowledge and technical experience of cloud computing platforms such as AWS, Azure, and Google.
  • Basic knowledge and demonstrated experience in common cybersecurity incident response and forensic investigation tools such as : EnCase, FTK, Sleuthkit, Kali Linux, IDA Pro, etc.
  • Industry Experience and Qualifications
  • Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows :
  • 5+ years of experience in cyber security senior analyst role or similar.
  • Experience within an enterprise‑scale organisation; including hands‑on experience of complex data centre environments, preferably in the finance or similarly regulated sector.
  • Industry recognised cyber security related certifications including CEH, OSCP, EnCE, SANS GSEC, GCIH, GCIA, and / or CISSP.
  • Formal education and advanced degree in Information Security, Cyber‑security, Computer Science or similar and / or commensurate demonstrated work experience in the same.

    • Competencies

  • Analytic Thinking
  • Effective Communication
  • Conflict Resolution
  • Strategic Vision
  • Conflict resolution

    • Due to the urgent hiring need, candidates with immediate right to work locally and no relocation need will be prioritised.

    At HSBC we offer our colleagues a greater number of leave days so that they can fully enjoy their wedding, take care of the new member of the family, or grieve the loss of a family member. Our paid leave package is at the forefront in Mexico, now you have one more reason to be HSBC and proudly live a culture of well‑being, balance, and care.

    HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.

    Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

  • Issued By HSBC Electronic Data Process Mexico Private LTD

    • #J-18808-Ljbffr

    Crear una alerta de empleo para esta búsqueda

    Lead • Ciudad de México, Mexico

    Ofertas relacionadas
    Cyber Risk & Compliance Associate

    Cyber Risk & Compliance Associate

    Deloitte • Mexico City, Mexico, Mexico
    Cyber Risk & Compliance Associate.Deloitte Americas Delivery Mexico.Global Delivery Network which has presence across the world with Delivery centers in the United States, Romania, India, Spain, Ch...Mostrar más
    Última actualización: hace más de 30 días • Oferta promocionada
    Strategic Security Manager, Mandiant Consulting, Google Cloud

    Strategic Security Manager, Mandiant Consulting, Google Cloud

    Google • Ciudad de México, Mexico
    Teletrabajo
    Strategic Security Manager, Mandiant Consulting, Google Cloud.Be among the first 25 applicants.Please submit your resume in English - we can only consider applications submitted in this language.On...Mostrar más
    Última actualización: hace 7 días • Oferta promocionada
    Especialista Jr Seguridad Cyber Ark

    Especialista Jr Seguridad Cyber Ark

    Grupo Salinas • Ciudad De Mexico, Mexico, Mexico
    Liderar y gestionar un laboratorio de investigación y desarrollo de tecnologías de ciberseguridad, asegurando la protección de los sistemas, infraestructuras y datos de la organización frente a ame...Mostrar más
    Última actualización: hace 3 horas • Oferta promocionada • Nueva oferta
    Sales Director - Security and Access Solutions

    Sales Director - Security and Access Solutions

    Honeywell • Ciudad de México, Ciudad de México, Mexico
    Sales Director - Security and Access Solutions.Sales Director - Security and Access Solutions.Sales Director - Security and Access Solutions. Sales Director - Security and Access Solutions.Get AI-po...Mostrar más
    Última actualización: hace más de 30 días • Oferta promocionada
    CISO - Mexico

    CISO - Mexico

    DolarApp • Ciudad de México, Mexico
    Chief Information Security Officer (CISO).Information Security function in Mexico.This role is accountable for defining, implementing, and continuously improving the organization’s information secu...Mostrar más
    Última actualización: hace 27 días • Oferta promocionada
    SOC Analyst

    SOC Analyst

    Temenos Headquarters SA • Ciudad de México, Ciudad de México, Mexico
    Temenos powers a world of banking that creates opportunities for billions of people and businesses everywhere.We have been doing this for over 30 years through the pioneering spirit of our Temenosi...Mostrar más
    Última actualización: hace más de 30 días • Oferta promocionada
    Senior PMO Project Leader — Identity Security Delivery

    Senior PMO Project Leader — Identity Security Delivery

    SailPoint Technologies Holdings, Inc. • Ciudad de México, Mexico
    A leading technology firm in Mexico City is seeking a Project Delivery Leader to oversee the successful delivery of their identity security solutions. This role involves executing project management...Mostrar más
    Última actualización: hace 20 horas • Oferta promocionada • Nueva oferta
    Head of Risk and Compliance Technology MX and LAM

    Head of Risk and Compliance Technology MX and LAM

    HSBC • Ciudad de México, Mexico
    If you’re looking for a career where you can make a real impression, join Global Service Center (GSC) HSBC and discover how valued you’ll be. HSBC is one of the largest banking and financial service...Mostrar más
    Última actualización: hace 20 días • Oferta promocionada
    SOC Analyst

    SOC Analyst

    Temenos • Ciudad de México, Mexico
    Teletrabajo
    Temenos powers a world of banking that creates opportunities for billions of people and businesses everywhere.We have been doing this for over 30 years through the pioneering spirit of our Temenosi...Mostrar más
    Última actualización: hace 8 días • Oferta promocionada
    Security Review Manager

    Security Review Manager

    Deloitte • Mexico City, Mexico, Mexico
    Security Review Manager – Americas Delivery Mexico (ADMX).Are you an experienced, passionate pioneer in Security? A.Americas Delivery Mexico (ADMX) leverages scale and talent to provide high qualit...Mostrar más
    Última actualización: hace 23 días • Oferta promocionada
    Senior SOC Incident Responder — Global Cyber Defense

    Senior SOC Incident Responder — Global Cyber Defense

    Temenos Headquarters SA • Ciudad de México, Ciudad de México, Mexico
    A global banking technology firm is seeking a Security Incident Responder to join their SOC team in Mexico City.This role involves coordinating cyber incidents, providing security analyses, and req...Mostrar más
    Última actualización: hace 5 días • Oferta promocionada
    Sr Security Specialist

    Sr Security Specialist

    Logicalis Group (DE) • Ciudad de México, Mexico
    Conocimientos de CDN y cómo pueden afectar el rendimiento de las aplicaciones Web públicas.Poder entender y considerar en la seguridad aplicativa el manejo y la importancia de los certificados digi...Mostrar más
    Última actualización: hace más de 30 días • Oferta promocionada
    Senior Offensive Security Consultant - Remote (Mexico City)

    Senior Offensive Security Consultant - Remote (Mexico City)

    EmergencyMD • Ciudad de México, Ciudad de México, Mexico
    Teletrabajo
    About us : At Echelon Risk + Cyber, we believe in defending basic human rights to security and privacy.We seek a highly skilled and experienced. Senior Offensive Security Consultant.In this role, you...Mostrar más
    Última actualización: hace más de 30 días • Oferta promocionada
    Senior Incident Response Lead - 24 / 7 Ops & RCA

    Senior Incident Response Lead - 24 / 7 Ops & RCA

    BlackLine • Ciudad de México, Mexico
    A leading SaaS company in Ciudad de México is seeking a Senior Incident Management Analyst to ensure product reliability and improve incident response. Candidates should have over 5 years of experie...Mostrar más
    Última actualización: hace 8 días • Oferta promocionada
    Senior Offensive Security Lead — Red / Purple Team (Remote)

    Senior Offensive Security Lead — Red / Purple Team (Remote)

    EmergencyMD • Ciudad de México, Ciudad de México, Mexico
    Teletrabajo
    A cybersecurity firm is seeking a Senior Offensive Security Consultant in Mexico City.This role involves leading complex security assessments, mentoring team members, and translating technical find...Mostrar más
    Última actualización: hace 5 días • Oferta promocionada
    Senior CISO - Global Fintech Security Leader

    Senior CISO - Global Fintech Security Leader

    Edenred Finland Oy. • Ciudad de México, Mexico
    Una plataforma líder de servicios y pagos busca un CISO SR en Ciudad de México.La persona será responsable de asegurar el cumplimiento normativo en el ámbito de Seguridad Informática y manejar inci...Mostrar más
    Última actualización: hace 20 horas • Oferta promocionada • Nueva oferta
    Sr Security Specialist

    Sr Security Specialist

    Logicalis • Ciudad de México, Mexico
    Experiencia en posiciones relacionadas con Ciberseguridad (consultoría, operación, implementación, soporte).Experiencia en posiciones de preventa de soluciones de Ciberseguridad, cualquier rubro.Ex...Mostrar más
    Última actualización: hace más de 30 días • Oferta promocionada
    IT Lead Security Specialist

    IT Lead Security Specialist

    Marsh & McLennan Companies • Ciudad de México, Mexico
    Teletrabajo
    We are seeking an IT Lead Security Specialist to join our team at Oliver Wyman.This role will be based in Mexico City.This is a hybrid role that has a requirement of working at least three days a w...Mostrar más
    Última actualización: hace más de 30 días • Oferta promocionada