QUALIFICATIONS AND JOB DESCRIPTION
Job Purpose
- Monitoring the entire HBTR technology and information estate for new attacks and logging them to the appropriate system
- Triaging potentially malicious events to determine severity and criticality of the event
- Responding to alerts from the various monitoring/detection systems and platforms within defined SLAs
- Following detailed processes and procedures to analyse, respond to and/or escalate cyber security incidents.
- Analysing network traffic using a variety of analysis tools.
- Monitoring security appliance health and performing basic troubleshooting of security devices; notifying security engineering as necessary about malfunctioning equipment.
- Analysing malicious artefacts obtained from network monitoring with a focus on generation of threat intelligence and service improvement.
- Researching emerging threats and vulnerabilities to aid in the identification of cyber incidents.
- Acting as a member of HSBC SOME.
Certifications, Qualifications & Experience
Skills
- Good investigative skills and curiosity.
- Instinctive and creative, with an ability to think like the enemy.
- Ability to learn quickly through hands on experience.
- Self-motivated and possessing a high sense of urgency and personal integrity.
- Highest ethical standards and values.
- Ability to speak, read and write in English.
Technical Skills
- Experience analysing logs for indicators of compromise, collected from various network monitoring devices such as firewalls, IDS/IPS, web proxies, email filters, etc.
- Demonstrated experience of common log management suites, Security Information and Event Management (SIEM) tools, for the collection and real-time analysis of security information.
- Good knowledge and demonstrated experience of common cybersecurity technologies such as: IDS / IPS / HIPS, advanced anti-malware prevention and analysis, firewalls, proxies, MSS, etc.
- Good knowledge and demonstrated experience of common operating systems and platforms, including Windows, Linux, UNIX, Oracle, Citrix, etc.
- Good knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suites.
- Good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.
- Functional knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems.
- Basic knowledge and demonstrated experience in common cybersecurity incident response and forensic investigation tools such as: EnCase, FTK, Sleuthkit, Kali Linux, IDA Pro, etc.
Industry Experience and Qualifications
- 3+ years of experience in a similar cyber security analyst role.
- Industry recognised cyber security related certifications including: CEH, EnCE, SANS GSEC, GCIH, GCIA and/or CISSP.
- Formal education and degree in Information Security, Cyber Security, Computer Science, Engineering or similar.