Watch Commander
Sheffield (South Yorkshire) IT development
Job description
Cybersecurity Watch Commander
Some careers grow faster than others.
If you're looking for a career that will give you plenty of opportunities to develop, join HSBC and your future will be rich with potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
The Cybersecurity team at HSBC are engaged to transform the way information security is accomplished at the bank and we are set to enable the business to do more, as securely as we want, or need to be. In short, in line with the Bank's strategy, we are to be Simpler, Better, Faster and of course – More Secure.
To achieve this we have many exciting challenges ahead and are looking for people with a real passion for what they would like to do. Working with some of the best technology talent we are searching for technologists and enablers that will help support us on this journey.
As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.
We are currently seeking an experienced individual to join this team in the role of Watch Commander.
The Watch Commander is charged with leading one of a number of Cybersecurity Operations Teams made up of analysts from across the multiple Cybersecurity Operations service lines, providing 24x7 global protection for the bank and its customers.
In this role, you will be responsible for:
· Managing and maintaining a highly skilled, efficient and effective local team across a number of Cybersecurity Operations service lines, including supporting the definition, management and continuous improvement of the core functions and processes that underpin a successful, effective and globally scaled monitoring, alerting and security incident response capability.
· Ensuring a comprehensive and smooth hand-over between the global teams as shifts end and begin.
· Maintaining an up-to-date awareness and intelligence-led understanding of the current and predicted threat landscape so that impact to HSBC businesses or services can be anticipated and, where possible, pre-emptive monitoring, alerting and response capabilities can be deployed.
· Collaboration with the wider GCO (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose.
· Identification of processes that can be automated and orchestrated to ensure maximum efficiency of global Cybersecurity Operations resources.
· Ensuring analysis time is efficiently focused on the more challenging and potentially higher risk problems and tasks, not on high-volume/low risk, repetitive tasks or processes, thus helping to effectively reduce false positive and false negative events.
· Managing the collaboration with the wider GCO teams (and wider business/function teams where applicable) in the production and maintenance of efficient and effective incident response playbooks.
· Supporting the identification, development and implementation of new detections (use cases).
· Maintaining a global view of the GCO mission and working with local stakeholders in region and country to bring together both the global perspective and the more local message in a clear and effective way that demonstrates the team's commitment and value.
· Promoting a “self-critical” and continuous assessment and improvement culture whereby weaknesses in the bank's control plane (people, process and technology) are identified, brought to light and addressed in an effective and timely manner.
· Embedding a culture of individual self-improvement, development and self-directed learning whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cyber security more broadly.
· Supporting engagement of HSBC Global Businesses and Functions to drive a global up-lift in cyber-security awareness and help to evangelise HSBC Cybersecurity efforts and success.
· Ensuring operation within a post-mortem framework that delivers detailed analysis on the root cause of incidents and produces findings and recommendations that support control adjustments to better protect the bank.
· Production of Management Information related to the CSIRT mission that is appropriate to the target audience, supported by data and experienced analysis enabling informed decisions.
· Engagement within the Lines of Defence Risk Management framework adopted by HSBC to ensure complete transparency and effective working relationship across all lines of defence.
Desired profile
Qualifications:
To be successful in this role you should meet the following requirements:
· Extensive knowledge and demonstrated experience of common cybersecurity technologies such as IDS / IPS / HIPS, Advanced Anti-malware prevention and analysis, Firewalls, Proxies, MSS, etc.
· Extensive knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suites.
· Knowledge of common enterprise technology infrastructure, platforms and tooling, including Windows, Linux, infrastructure management and networking hardware.
· Extensive knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques and procedures in order to inform adjustments to the control plane.
· Technical experience of 3rd-party cloud computing platforms such as AWS, Azure and Google and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.
· Experience of common log management suites, Security Information and Event Management (SIEM) tools, use of “Big Data” and Cloud-based solutions for the collection and real-time analysis of security information.
· Ability to identify, develop and track key performance indicator (KPI) metrics for accurate and contextual evaluation of operational effectiveness as well as providing recommendations for control improvement and mitigating control adjustments.
· Excellent understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
· Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and / or deception environment development (tripwire systems, honeypots, honey-token/accounts, etc.) using open source, vendor purchased and bespoke/in-house developed solutions.
· Experience in a leadership position within a cyber-security operations team to include team and capability development, staff development, career management, and recruitment.
The base location for this role is Sheffield.
You'll achieve more when you join HSBC.
At HSBC we look to enable our employees to better balance their work / life priorities and have the flexibility required to meet challenging needs as they progress through different life stages. Where possible we will consider the following flexible working options: part-time working, job sharing, term-time working, working from home and staggered hours. If, in considering a role with HSBC, you have a need for some flexibility in your working arrangements, please discuss this with the recruitment team in the early stages of the application process.
HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.