Threat Hunter, Cybersecurity

  • Sheffield (South Yorkshire)
  • IT development

Job description

Cybersecurity Threat Hunter

Some careers grow faster than others.

If you're looking for a career that will give you plenty of opportunities to develop, join HSBC and your future will be rich with potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

The Cybersecurity team at HSBC are engaged to transform the way information security is accomplished at the bank and we are set to enable the business to do more, as securely as we want, or need to be. In short, in line with the Bank's strategy, we are to be Simpler, Better, Faster and of course – More Secure.

To achieve this we have many exciting challenges ahead and are looking for people with a real passion for what they would like to do. Working with some of the best technology talent we are searching for technologists and enablers that will help support us on this journey.

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

We are currently seeking an experienced individual to join this team in the role of Threat Hunter.
The Threat Hunter will proactively search through the HSBC global estate for evidence of malicious activities in our systems and on our networks, and find ways to illuminate behaviours that have managed to evade current defences. Rather than relying primarily on static indicators and reacting to automatic rules and alerts, the Threat Hunter uses a deep knowledge of internal defences and the latest threat intelligence about advanced adversaries to develop hypotheses and anticipate how those attackers will seek to bypass existing controls.
In this role, you will be responsible for:

· Hunting for malicious or anomalous activity across the enterprise, using existing tools. Acting in co-ordination with GCO staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and insider threat activities within the organisation.
· Researching new and existing threat actors and associated tactics, techniques and procedures (TTPs); developing a detailed understanding of their potential impact to the organisation, providing recommended solutions for improving our defensive and detective capability.
· Collaboration with the wider Cybersecurity functions, e.g. Red Team, to develop hypotheses for new attack techniques and evasion methods.
· Coordinating threat hunting activities, leveraging intelligence from multiple internal and external sources.
· Reviewing incident and penetration testing reports and corresponding logs, to identify gaps in our detection capability and provide recommendations to improve them.
· Providing expert analytic investigative support on large scale and complex security incidents.
· Contributing to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes
· Training, developing, mentoring and inspiring colleagues across the function in area(s) of specialism, strengthening Cybersecurity Operations capabilities.
· Represent HSBC Global Cybersecurity Operations at internal awareness and external cybersecurity forums
· Collaborate with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose.
· Identify processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources.
· Promote a “self-critical” culture of continuous assessment and improvement, whereby weaknesses in the bank's control plane (people, process and technology) are brought to light and addressed in an effective and timely manner.
· Support engagement in support of HSBC Global Businesses and Functions to drive a global up-lift in cyber-security awareness and help to evangelise HSBC Cybersecurity efforts and success.

Desired profile

Qualifications:

To be successful in this role you should meet the following requirements:
·  Excellent investigative skills, insatiable curiosity, and an innate drive to win
·  Instinctive and creative, with an ability to think like the enemy
·  Strong problem-solving and trouble-shooting skills
·  Deep knowledge of hacker culture
·  Developed external peer network for sharing intelligence
·  Self-motivated and possessing a high sense of urgency and personal integrity
·  Excellent understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including: OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
·  Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and / or deception environment development (tripwire systems, honeypots, honey-token/accounts, etc.) using open source, vendor purchased and bespoke/in-house developed solutions.
·  Excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
·  Highest level of technical expertise in information security, including deep familiarity with relevant penetration and intrusion techniques and attack vectors
·  Expert level knowledge and demonstrated experience of common intelligence sharing platforms / protocols and experience operating within a collective defence environment with internal stakeholders and external partners.
·  Extensive knowledge of common enterprise technology infrastructure, platforms and tooling, including: Windows, Linux, infrastructure management and networking hardware.
·  Experience in analysis and dissection of advanced attacker tactics, techniques and procedures in order to inform adjustments to the control plane.
·  Expert level knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems.
·  Technical experience of 3rd party cloud computing platforms such as AWS, Azure and Google.

The base location for this role is Sheffield, Griffin House.

You'll achieve more when you join HSBC.

At HSBC we look to enable our employees to better balance their work / life priorities and have the flexibility required to meet challenging needs as they progress through different life stages. Where possible we will consider the following flexible working options: part-time working, job sharing, term-time working, and working from home and staggered hours. If in considering a role with HSBC you have a need for some flexibility in your working arrangements please discuss this with the recruitment team in the early stages of the application process.

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Make every future a success.