Cybersecurity Threat Hunter in HSBC

Closed job - No longer receiving applicants

We are currently seeking an experienced professional to join our team in the role of Cybersecurity Threat Hunter
Sitting within the Monitoring and Threat Detection sub-function, the ‘Cybersecurity Threat Hunter’ role is primarily charged with proactively searching through the HSBC global estate for evidence of malicious activities in our systems and on our networks and finding ways to illuminate behaviors that have managed to evade current defenses. Rather than relying primarily on static indicators and reacting to automatic rules and alerts, the Threat Hunter uses a deep knowledge of internal defenses, cyber-security expertise, and the latest cyber-threat intelligence to develop hypotheses and anticipate how those attackers will seek to bypass existing controls to continuously improve our cyber-defenses

The Threat Hunter is accountable for

  • Hunting for malicious or anomalous activity across the enterprise, using the various cybersecurity tools, platforms, and capabilities available. Acting in coordination with GCO staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and insider threat activities within the organization.
  • Leveraging a ‘cyber intelligence-led approach’ to researching new and existing threat actors and associated tactics, techniques, and procedures (TTPs); developing a detailed understanding of their potential impact on the organization, providing, developing, and implementing recommended solutions for improving our defensive and detective capability.
  • Collaboration with Cybersecurity functions, e.g. Red Team, Cyber-threat Intelligence to develop hypotheses for the detection and/or presence of new attack techniques and evasion methods.
  • Coordinating threat-hunting activities, leveraging intelligence from multiple internal and external sources.
  • Reviewing incident and penetration testing reports and corresponding logs, to identify gaps in our detection capability and provide recommendations to improve them.
  • Providing expert analytic investigative support on large-scale and complex security incidents.
  • Contributing to the continued evolution of hunting, monitoring, detection, analysis, and response capabilities and processes
  • Training, mentoring, and inspiring colleagues across the function and strengthening Cybersecurity Operations capabilities.
  • Represent HSBC Global Cybersecurity Operations at internal awareness and external cybersecurity forums
  • Collaborate with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose.


  • Excellent investigative skills, intuitive and creative, with an ability to think like the enemy
  • Strong problem-solving and troubleshooting skills
  • Deep knowledge of hacker culture
  • Developed external peer network for sharing intelligence
  • Self-motivated and possessing a high sense of urgency and personal integrity
  • Highest ethical standards and values
  • Excellent understanding of cyber security principles, global financial services business models, regional compliance regulations and laws.
  • Excellent understanding and knowledge of common industry cyber security frameworks, standards, and methodologies, including; OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
  • Comprehensive knowledge of the MITRE ATT&CK framework.
  • Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and/or deception environment development (tripwire systems, honeypots, honey-token/accounts, etc.) using open source, vendor purchased and bespoke/in-house developed solutions.
  • Excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
  • Ability to speak, read, and write in English, in addition to your local language

Technical Skills

  • Highest level of technical expertise in information security, including deep familiarity with relevant penetration and intrusion techniques and attack vectors
  • Expert level knowledge and demonstrated experience of common intelligence sharing platforms/protocols and experience operating within a collective defense environment with internal stakeholders and external partners.
  • Expert-level knowledge of common enterprise technology infrastructure, platforms, and tooling, including; Windows, Linux, infrastructure management, and networking hardware.
  • Expert-level knowledge of intelligence analysis principles either through formal education/training or equivalent professional experience.
  • Expert-level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques, and procedures to inform adjustments to the control plane.
  • Expert-level knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems.
  • Expert knowledge and technical experience with third-party cloud computing platforms such as AWS, Azure, and Google.

Industry Experience and Qualifications

Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:

  • 8+ years of experience in computer forensics, vulnerability analysis, cyber security analysis, penetration testing, and/or network engineering.
  • Extensive experience within an enterprise-scale organization; including hands-on experience in complex data center environments, preferably in the finance or similarly regulated sector
  • Industry-recognised cybersecurity-related certifications including; CEH, EnCE, SANS GSEC, GCIH, GCIA, and/or CISSP
  • Formal education and an advanced degree in Information Security, Cybersecurity, Computer Science, or similar and/or commensurate demonstrated work experience in the same.

Beneficios y condiciones

  • Contratación directa con el banco
  • Contratación 100% nómina
  • 20 días de vacaciones
  • 30 días de Aguinaldo
  • Prima vacacional de 15 días
  • Bono Anual por desempeño de 1 a 3 meses de sueldo
  • Créditos y productos que ofrece el banco con tasa preferencial
  • Cobertura médica GMM para ti y tus dependientes económicos
  • Seguro de vida
  • GYM
  • Subsidio IMSS
  • Seguro de Auto a precio de flotilla
  • Compra de acciones
  • Día de cumpleaños
  • Periodo Sabático
  • Plataforma de convenios y beneficios adicionales
  • Fondo de ahorro que se entrega al final de la relación
  • Fondo de ahorro Cares Médico
  • Seguro de auto a precio de flotilla

Life insurance HSBC pays or copays life insurance for employees.
Performance bonus Extra compensation is offered upon meeting performance goals.
Vacation on birthday Your birthday counts as an extra day of vacation.

Remote work policy


This job takes place some days from home and others at the office in Ciudad de México (Mexico).

Life's too short for bad jobs.
Sign up for free and find jobs that are truly your match.