If you're looking for a career where you can make a real impression, join our global service center (gsc)- hsbc and discover how valued you'll be.we are currently seeking an experienced professional to join our team in the role ofsoc analystrole purposeoperating within the cybersecurity global defence function and under the management of the global head of cybersecurity operations, the global cybersecurity operations (gco) team provides a coordinated suite of "network defence" related services and are responsible for the detection and response to information and cybersecurity threats across the global hsbc assets and estate.the gco team is split into four distinct sub-functions:monitoring & threat detection (mtd) – monitoring, detection, alerting and triage of initial cyber-threat events.incident management & response (imr) – management and deep-dive investigation and response to cyber-incidents.information protection & response (ipr) – management and response to information and data security incidents.strategic innovation & operations (sio) – continuous improvement of cyber-threat detection capabilities and process automation.critical to the success of gco are its close partnerships with other cybersecurity global defence teams including cybersecurity engineering, service reliability engineering, cyber intelligence & threat analysis teams and the wider hsbc businesses and functions.the overall gco mission is placed under the purview of the cybersecurity chief technology officer / head of cybersecurity global defence.main activities:monitoring and threat detection analysts are responsible for monitoring multiple hsbc networks simultaneously using the latest threat detection technologies to detect, analyse and respond to cyber security incidents. The analyst will follow detailed processes and procedures to identify and analyse these incidents, escalating to and supporting more senior analysts based on the severity and potential impact of the incident.the primary responsibilities of the analyst are:monitoring the entire global hsbc technology and information estate for new attacks and log them to appropriate systems.triaging potentially malicious events to determine severity and criticality of the event.responding to alerts from the various monitoring/detection systems and platforms within defined slas.following detailed processes and procedures to analyse, respond to and/or escalate cyber security incidents.supporting cyber security incidents through to eradication and feedback lessons learned, in to improved cyber resilience.analysing network traffic using a variety of analysis tools.monitoring security appliance health and perform basic troubleshooting of security devices; notify security engineering as necessary for malfunctioning equipment.analysing malicious artefacts obtained from network monitoring with a focus on generation of threat intelligence and service improvement.identifying and developing new ideas to enhance our detection capability (use cases) and mitigations (playbooks) across the security platforms.reviewing and validating new use cases and playbooks created by cybersecurity colleagues.researching emerging threats and vulnerabilities to aid in the identification of cyber incidents.applying structured analytical methodologies to maximise threat intelligence growth and service efficacy.supporting handovers to other teams and countries at the start and end of the working shift.contributing to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes.training, developing and mentoring colleagues in area(s) of specialism.collaborating with the wider cybersecurity (and it) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purposerequirementstechnical skillsexperience analysing logs for indicators of compromise, collected from various network monitoring devices such as firewalls, ids/ips, web proxies, email filters, etc. Socexcellent knowledge and demonstrated experience of common log management suites, security information and event management (siem) tools, use of "big data" and cloud-based solution for the collection and real-time analysis of security information.good knowledge and demonstrated experience of common cybersecurity technologies such as; ids / ips / hips, advanced anti-malware prevention and analysis, firewalls, proxies, mss, etc.good knowledge and demonstrated experience of common operating systems and platforms to include windows, linux, unix, oracle, citrix, gsx server, i os, osx, etc.good knowledge of common network protocols such as tcp, udp, dns, dhcp, ipsec,etc. and network protocol analysis suites.good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.good knowledge of key information risk management and security related standards including owasp, iso2700x series, pci dss, glba, eu data security and privacy acts, ffiec guidelines and nist standardsfunctional knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems.functional knowledge and technical experience of 3rd party cloud computing platforms such as aws, azure and google, ali cloudbasic knowledge and demonstrated experience in common cybersecurity incident response and forensic investigation tools such as: en case, ftk, sleuthkit, kali linux, ida pro, etc.