If you're looking for a career where you can make a real impression, join our global service center (gsc)- hsbc and discover how valued you'll be. Operating within the cybersecurity global defence function and under the management of the global head of cybersecurity operations, the global cybersecurity operations (gco) team provides a coordinated suite of "network defence" related services and are responsible for the detection and response to information and cybersecurity threats across the global hsbc assets and estate.monitoring & threat detection (mtd) – monitoring, detection, alerting and triage of initial cyber-threat events. Incident management & response (imr) – management and deep-dive investigation and response to cyber-incidents. Information protection & response (ipr) – management and response to information and data security incidents. Critical to the success of gco are its close partnerships with other cybersecurity global defence teams including cybersecurity engineering, service reliability engineering, cyber intelligence & threat analysis teams and the wider hsbc businesses and functions.the overall gco mission is placed under the purview of the cybersecurity chief technology officer / head of cybersecurity global defence.monitoring and threat detection analysts are responsible for monitoring multiple hsbc networks simultaneously using the latest threat detection technologies to detect, analyse and respond to cyber security incidents. The analyst will follow detailed processes and procedures to identify and analyse these incidents, escalating to and supporting more senior analysts based on the severity and potential impact of the incident. Monitoring the entire global hsbc technology and information estate for new attacks and log them to appropriate systems. Responding to alerts from the various monitoring/detection systems and platforms within defined slas. Following detailed processes and procedures to analyse, respond to and/or escalate cyber security incidents. Supporting cyber security incidents through to eradication and feedback lessons learned, in to improved cyber resilience. Analysing network traffic using a variety of analysis tools. Monitoring security appliance health and perform basic troubleshooting of security devices; notify security engineering as necessary for malfunctioning equipment. Analysing malicious artefacts obtained from network monitoring with a focus on generation of threat intelligence and service improvement. Identifying and developing new ideas to enhance our detection capability (use cases) and mitigations (playbooks) across the security platforms. Supporting handovers to other teams and countries at the start and end of the working shift. Contributing to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes. Training, developing and mentoring colleagues in area(s) of specialism. Experience analysing logs for indicators of compromise, collected from various network monitoring devices such as firewalls, ids/ips, web proxies, email filters, etc. Excellent knowledge and demonstrated experience of common log management suites, security information and event management (siem) tools, use of "big data" and cloud-based solution for the collection and real-time analysis of security information. Ids / ips / hips, advanced anti-malware prevention and analysis, firewalls, proxies, mss, etc. Good knowledge and demonstrated experience of common operating systems and platforms to include windows, linux, unix, oracle, citrix, gsx server, ios, osx, etc. Good knowledge of common network protocols such as tcp, udp, dns, dhcp, ipsec,etc. and network protocol analysis suites. Good knowledge of key information risk management and security related standards including owasp, iso2700x series, pci dss, glba, eu data security and privacy acts, ffiec guidelines and nist standards functional knowledge and technical experience of 3rd party cloud computing platforms such as aws, azure and google, ali cloud basic knowledge and demonstrated experience in common cybersecurity incident response and forensic investigation tools such as: encase, ftk, sleuthkit, kali linux, ida pro, etc.we take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., personal data held by the bank relating to employment applications will be used in accordance with our privacy statement, which is available on our website. *issued by hsbc electronic data processing (méxico) private ltd*