Threat Hunter Senior

Location: 

Azcapotzalco, Ciudad de México, MX, 02230


Brand:  HSBC
Area of Interest: 
Closing Date:  Hybrid Worker
Date:  2 Jul 2026

Job description

If you’re looking for a career where you can make a real impression, join our Global Service Center (GSC)- HSBC and discover how valued you’ll be.

We are currently seeking an experienced professional to join our team in the role of

Threat Hunter Senior

Role purpose

Operating within the Cybersecurity Global Defence function and under the management of the Global Head of Cybersecurity Operations, the Global Cybersecurity Operations (GCO) team provides a coordinated suite of “Network Defence” related services and are responsible for the detection and response to information and cybersecurity threats across the global HSBC assets and estate.

The GCO team is split into four distinct sub-functions:

Monitoring & Threat Detection (MTD) – Monitoring, detection, alerting and triage of initial cyber-threat events.

Incident Management & Response (IMR) – Management and deep-dive investigation and response to cyber-incidents.

Information Protection & Response (IPR) – Management and response to information and data protection incidents.

Strategic Innovation & Operations (SIO) – Continuous improvement of cyber-threat detection capabilities and process automation.

Critical to the success of GCO are its close partnerships with other Cybersecurity Global Defence teams including Cybersecurity Engineering, Service Reliability Engineering, Cyber Intelligence & Threat Analysis teams and the wider HSBC businesses and functions.

The overall GCO mission is placed under the purview of the Cybersecurity Chief Technology Officer / Head of Cybersecurity Global Defence

 

Main activities: 

Sitting within the Monitoring and Threat Detection sub-function, the ‘Cybersecurity Threat Hunter’ role is primarily charged with proactively searching through the HSBC global estate for evidence of malicious activities in our systems and on our networks and finding ways to illuminate behaviours that have managed to evade current defences. Rather than relying primarily on static indicators and reacting to automatic rules and alerts, the Threat Hunter uses a deep knowledge of internal defences, cyber-security expertise and the latest cyber-threat intelligence to develop hypotheses and anticipate how those attackers will seek to bypass existing controls to continuously improve our cyber-defences.

The Threat Hunter is accountable for:

  • Hunting for malicious or anomalous activity across the enterprise, using the various cybersecurity tools, platforms and capabilities available. Acting in co-ordination with GCO staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and insider threat activities within the organisation.
  • Leveraging a ‘cyber intelligence led approach’ to researching new and existing threat actors and associated tactics, techniques and procedures (TTPs); developing a detailed understanding of their potential impact to the organisation, providing, developing and implementing recommended solutions for improving our defensive and detective capability.
  • Collaboration with Cybersecurity functions, e.g. Red Team, Cyber-threat Intelligence to develop hypotheses for the detection and/or presence of new attack techniques and evasion methods.
  • Coordinating threat hunting activities, leveraging intelligence from multiple internal and external sources.
  • Reviewing incident and penetration testing reports and corresponding logs, to identify gaps in our detection capability and provide recommendations to improve them.
  • Providing expert analytic investigative support on large scale and complex security incidents.
  • Contributing to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes
  • Training, mentoring and inspiring colleagues across the function and strengthening Cybersecurity Operations capabilities.
  • Represent HSBC Global Cybersecurity Operations at internal awareness and external cybersecurity forums
  • Collaborate with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose.
  • Identify processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources.

 

 

Requirements

 

Skills

  • Excellent investigative skills, instinctive and creative, with an ability to think like the enemy
  • Strong problem-solving and trouble-shooting skills
  • Deep knowledge of hacker culture
  • Developed external peer network for sharing intelligence
  • Self-motivated and possessing of a high sense of urgency and personal integrity
  • Highest ethical standards and values
  • Excellent understanding of cyber security principles, global financial services business models, regional compliance regulations and laws.
  • Excellent understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including; OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
  • Comprehensive knowledge of the MITRE ATT&CK framework.
  • Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and / or deception environment development (tripwire systems, honeypots, honey-token/accounts, etc.) using open source, vendor purchased and bespoke/in-house developed solutions.
  • Excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
  • Ability to speak, read and write in English, in addition to your local language


Technical Skills

  • Highest level of technical expertise in information security, including deep familiarity with relevant penetration and intrusion techniques and attack vectors
  • Expert level knowledge and demonstrated experience of common intelligence sharing platforms / protocols and experiencing operating within a collective defence environment with internal stakeholders and external partners.
  • Expert level knowledge of common enterprise technology infrastructure, platforms and tooling, including; Windows, Linux, infrastructure management and networking hardware.
  • Expert level knowledge of intelligence analysis principles either though formal education / training or equivalent professional experience. 
  • Expert level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques and procedures in order to inform adjustments to the control plane.
  • Expert level knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems.
  • Expert knowledge and technical experience of 3rd party cloud computing platforms such as AWS, Azure and Google.

 

You’ll achieve more when you join HSBC!

At HSBC we offer our colleagues a greater number of days so that they can fully enjoy their wedding, take care of the new member of the family, or grieve the loss of a family member. Our paid leave package is at the forefront in Mexico, now you have one more reason to be HSBC and proudly live a culture of well-being, balance and care

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website. 

***Issued by HSBC Electronic Data Processing (México) Private LTD***