Threat Hunter

5 dni temu

Kraków, małopolskie, Polska HSBC Service Delivery Pełny etat

Threat Hunter


Some careers shine brighter than others.


If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a

career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities,

support and rewards that will take you further.


Your career opportunity


Sitting within the Monitoring and Threat Detection sub-function, the ‘Cybersecurity Threat Hunter’ role is primarily

charged with proactively searching through the HSBC global estate for evidence of malicious activities in our

systems and on our networks and finding ways to illuminate behaviours that have managed to evade current

defences. Rather than relying primarily on static indicators and reacting to automatic rules and alerts, the Threat

Hunter uses a deep knowledge of internal defences, cyber-security expertise and the latest cyber-threat

intelligence to develop hypotheses and anticipate how those attackers will seek to bypass existing controls to

continuously improve our cyber-defences.


What you’ll do


  • Hunt for malicious or anomalous activity across the enterprise, using the various cybersecurity tools, platforms, and capabilities available. Act in co-ordination with GCO staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and insider threat activities within the organisation.
  • Leverage a ‘cyber intelligence led approach’ to researching new and existing threat actors and associated tactics, techniques, and procedures (TTPs); develop a detailed understanding of their potential impact to the organisation, provide, develop and implement recommended solutions for improving our defensive and detective capability.
  • Collaborate with Cybersecurity functions, e.g., Red Team, Cyber-threat Intelligence to develop hypotheses for the detection and/or presence of new attack techniques and evasion methods; collaborate with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose.
  • Coordinate threat hunting activities, leveraging intelligence from multiple internal and external sources.
  • Review incident and penetration testing reports and corresponding logs, to identify gaps in our detection capability and provide recommendations to improve them.
  • Provide expert analytic investigative support on large scale and complex security incidents.
  • Contribute to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes and identify processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources.
  • Train, mentor and inspire colleagues across the function and strengthening Cybersecurity Operations capabilities and represent HSBC Global Cybersecurity Operations at internal awareness and external cybersecurity forums.


What you need to have to succeed in this role


  • 8+ years of experience in computer forensics, vulnerability analysis, cyber security analysis, penetration testing and/or network engineering.
  • Extensive experience within an enterprise scale organisation; including hands-on experience of complex data centre environments, preferably in the finance or similarly regulated sector.
  • Industry recognised cyber security related certifications including CEH, EnCE, SANS GSEC, GCIH, GCIA and/or CISSP.
  • Formal education and advanced degree in Information Security, Cyber-security, Computer Science or similar and/or commensurate demonstrated work experience in the same.
  • Expert level knowledge of intelligence analysis principles either though formal education / training or equivalent professional experience.
  • Expert level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques, and procedures in order to inform adjustments to the control plane.
  • Expert level knowledge of scripting, programming and/or development of bespoke tooling or solutions and technical experience of 3rd party cloud computing platforms such as AWS, Azure, and Google.
  • Fluent English and excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.



What we offer


  • Competitive salary
  • Annual performance-based bonus
  • Additional bonuses for recognition awards
  • Multisport card
  • Private medical care
  • Life insurance
  • One-time reimbursement of home office set-up (up to 800 PLN).
  • Corporate parties & events
  • CSR initiatives
  • Nursery discounts
  • Financial support with trainings and education
  • Social fund
  • Flexible working hours
  • Free parking


If your CV meets our criteria, you should expect the following steps in the recruitment process:

  • Online behavioural test
  • Telephone screen
  • Job interview with the hiring manager


We are looking to hire as soon as possible so don’t wait and apply now

You'll achieve more when you join HSBC.