This is an archive of an expired job.
North America-United States-New Jersey-Jersey City
The Sr. Splunk Engineer lead will be a member of the Global Cybersecurity Technology team. This team is responsible for identifying, developing and deploying global cybersecurity controls across the estate leveraging the firm’s assets, network and data to identify threats. This role will partner heavily with IT Infrastructure Delivery (ITID) and support the end to end secure deployment of security technologies across the firm as well as leading and attracting talent to build a world class team.
The logging and operations functions within Cyber Technology have the responsibility of ensuring ingestion of various log types and data sources into our SIEM tool, 24/7 production support of the environment, capacity planning, patches and upgrades, and use case development and ongoing upkeep per intel provided from various peer teams within the Cyber Security organization.
This role will participate in efforts to test the effectiveness of defined controls and ensure that critical processes in the firm are evaluated from a security perspective. The role requires a strong self-starter with a track record who can understand program objectives, create or modify controls using a logical and standardized approach, and independently and proactively engage internal partners to align on an agreed-upon solution. The ideal candidate will have experience in various SIEM technologies and enterprise search tools (e.g. Splunk ES, QRadar, LogRhythm, ELK, Sumologic, etc.).
The Centralized Logging Support Lead is primarily accountable for:
Supporting the identification, development and implementation of new detections (use cases)
Directly contributing to the continued technical enhancement of the security platforms
Leading the continued evolution of automation and orchestration across the platform
Training and developing other members of the Logging and Operations team as well as other members of the Global Cybersecurity Engineering function.
Supporting a “self-critical” culture whereby identification of weaknesses in the bank’s control plane (people, process and technology) are brought to light in an effective manner and addressed.
Supporting a culture of individual self-improvement, whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cybersecurity more broadly, for example remaining up to date on the latest forensic techniques and tooling for strategically important platforms and technologies in use (and proposed for use) at HSBC.
Supporting engagement of Global Businesses and Functions everywhere HSBC does business that drives a global uplift in cybersecurity awareness, helping to “tell the story” of HSBC Cybersecurity efforts.
Collaborating with various layers of management across Cybersecurity and other IT teams to develop solutions that protect the organization.
Designing and driving the implementation of service offerings, capability uplifts, and process improvements to protect the bank against a continuously changing threat landscape.
Impact on the Business
Supports the development of the Global Cybersecurity Logging and Operations function, engaging with colleagues across the Cybersecurity and other IT functions to drive and deliver sustainable operational plans in line with department strategy.
Leads and facilitates change through clear strategy, operational planning and effective communication and stakeholder management.
Drives business performance, clear thinking and utilises experience whilst under pressure.
Delivers sustainable business outcomes.
Responsible for building effective technology and process control capability that is continuously refactored to meet evolving security and compliance needs.
Works closely with peers and business leads to build and implement controls in alignment with risk posture, architectural constraints, company strategic direction, and industry trends and best practices.
Drives delivery of the highest standards and outcomes, inspiring others to do the same. Focuses on medium and long term goals even when under pressure or facing uncertainty. Manages expectations, results and impact of agreed outcomes, thinking ahead to identify and overcome potential issues.
Strategically drives innovation to gain competitive advantage, taking calculated, entrepreneurial risks to achieve business outcomes. Generates an environment in which innovation is seamlessly embedded into working practices.
Understands and interprets developments and changes in future business requirements and ensures the appropriate reaction and response through discourse and the implementation of relevant, security-focused, technical and procedural solutions.
Strengthens stakeholder relationships and enhances key relationships using rapport-building expertise and appropriate influencing skills to add and increase stakeholder advocacy. Key relationships include functional heads across the other HOST functions and external account managers for third-party suppliers and vendors, along with other regional counterparts across the globe. Cultivates strong relationships with organisationally important global and/or high-value stakeholders with a tailored approach.
Leadership & Teamwork
Supports the development of the Cybersecurity Technology teams, making sustainable decisions that protect and enhance HSBC’s values, reputation and stakeholder value.
Actively encourages a learning culture, encouraging collaboration and cross-functional working to develop and nurture teams and identify talent.
Authentically engages a diverse group of stakeholders internally and externally to influence the achievement of best outcomes for all stakeholders.
Builds rapport and mutual understanding to communicate and create opportunities for cross-business and/or international working, encouraging debate and open discussion. Encourages people to build sustainable relationships beyond transactional levels and use empathy and insight to build better understanding of mutual benefits.
As an advanced coach/mentor, contributes to the establishment of good coaching and mentoring practices. Demonstrates alternative techniques for diagnosing and coaching individuals and teams.
Operational Effectiveness & Control
Governs risk responsibly. Promotes ethical management of risk across regions and business areas within their teams.
Communicates changes in policy and governance effectively, reinforcing risk processes within their team.
Builds and sustains a risk aware culture. Shows integrity whilst promoting and managing relevant monitoring and reporting requirements within their team.
Embeds efficient risk and compliance processes and procedures into business as usual practices.
Builds collaborative relationships, defines and articulates to stakeholders the targeted benefits for a change intervention.
Demonstrates effective financial skills to develop a detailed business case, including investments, detailed benefits (financial, non-financial and strategic) and link to overall finances of the business.
Management of Risk
The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
The jobholder will also continually reassess the IT Security and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring, and by addressing any areas of concern in conjunction with entity management and/or the appropriate department.
Observation of Internal Controls
Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified IT security risks.
The jobholder will implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.
This will be achieved by adhering to all relevant processes/procedures and by liaising with the compliance department about new business initiatives at the earliest opportunity, and, when applicable, by ensuring adequate resources.
An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
An understanding of organizational mission, values and goals and consistent application of this knowledge.
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
An ability to perform independent analysis of complex problems and distill relevant findings and root causes.
An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative and actionable manner.
A team-focused mentality with the proven ability to work effectively with diverse stakeholders.
Self-motivated, with a high sense of urgency and personal integrity.
Highest ethical standards and values.
Excellent understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and applicable laws.
Proven ability and experience of working in a high-pressure, fast-paced environment where bold, time-critical decision making is essential.
Proven experience in logging frameworks and enterprise-level support across a global function.
Ability to orchestrate, manage and successfully implement major procedural and technological change within a complex, global organization.
Architecture of the various components within Splunk (indexer, forwarder, search head, deployment server); heavy and universal forwarders; parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing; and the license model.
Extensive experience in deploying, configuring, upgrading and administering Splunk clusters at an enterprise level.
Helping application teams in on-boarding Splunk and creating dashboards, alerts, and reports.
Develop custom app configurations (deployment-apps) within Splunk in order to parse and index multiple types of log format across all application environments.
Deployment of the Splunk family of software to support log retention, aggregation and analysis requirements, including Splunk scalability, capacity planning, distributed setup, search head clustering, index clustering and performance specifications.
Perform installation, configuration management, capacity planning, license management, data integration, data transformation, field extraction, event parsing, data preview, and application management of Splunk.
Design and customize complex search queries and promote advanced searching, forensics, and analytics.
Develop dashboards, data models, reports and optimize performance
Develop, implement and document configuration standards, policies, and procedures for operating, managing and ensuring the security of the Splunk infrastructure
Participate in incident, problem, and change management process related to Splunk
Work closely with Linux and Windows server administration teams to diagnose and resolve configuration issues
Be well versed in Splunk technology, implementation of best practices and have a working knowledge in the variety of architectural variations of the Splunk product.
Experience with Splunk deployment in the cloud (AWS, GCP or Azure)
Hands on experience with Enterprise Applications
Hands on experience with Security Tools such as IDS/IPS, AV, Endpoint management
Hands on experience with Virtualization Technology such as VMWare
Scripting/programming experience with Python, Perl, PowerShell or Bash
Security Information Event Management (SIEM)
Experience working in a large corporate enterprise environment
8+ years of experience with deep technical expertise and strong leadership supporting enterprise level SIEM technology and logging frameworks
Formal education and advanced degree in Information Security, Cyber-security, Computer Science or similar and/or commensurate demonstrated work experience in the same