Cyber Defence Analyst L2

Job Description:

Airbus Protect brings together experts in the fields of Safety, Cybersecurity and Sustainability. We are over 1200 experts based across our main locations in France, Germany, UK and Spain, also operating in the US and the Middle East.

We deliver expertise to our own group, Airbus but also to external clients.

Our mission is to protect governments, military and essential national infrastructure enterprises from cyber threats.

Our goal: Protect our customers and support their needs with cybersecurity products.

The Cyber Defence Centre provides services in order to:

• Prevent a cyber risk (Consulting & audits)
• Detect and react on security incidents (Security Operation Centre - SOC)
• Respond to cyber attacks (Computer Security Incident Response Team - CSIRT)

In this context, the Cyber Defence Centre in Spain is seeking to hire a Cybersecurity Analyst.

The Cybersecurity Analyst works as a part of a team in charge of security monitoring for the international and national SOCs.

The main mission of the Cybersecurity Analyst is to deal with the security incidents which are detected by the service and to lead in‑depth analysis on these incidents, ensuring that work tickets are updated/closed including relevant technical details in accordance with existing SLAs. You will also work in the development and testing of security alerts to detect and prevent those incidents.

The successful candidate will be part of the analysts staff, working in normal business hours and in stand‑by shifts too.

All Analysts are expected to be comfortable at a technical level, being able to present and write professional reports to key stakeholders and exercise good time management, often being required to attend technical workshops and customer briefings/service reviews.

• Investigate potential security incidents.
• Add context to the incident to understand the behaviour, analysing data from multiple tools and data sources.
• When required perform initial triage/identification of ‘Events of Interest’ using a range of monitoring and detection tools.
• Participate in the crisis management by providing support to the incident handler and the SOC analysts.
• Maintain the detection rules database.
• Develop new detection rules.
• Work on the decrease of false positives.
• Track trends for metrics and reporting.
• Ensure that all events, events of interest, exceptions & incidents are responded to in accordance with established work instructions, including remedial action/recommendations.
• Maintenance of work instructions - reviews & amendment.
• Generate reports (as per templates) and trending analysis as requested by SOC Manager or key stakeholders.
• Present & review reports to internal & external key stakeholders
• Attend recurrent meetings with the customer as the technical referent.
• Provide recommendations or workarounds to the customer in order to reduce business impact.
• Lead and participate in the continuous improvement of the service (detection level, processes, operational procedures, service efficiency, service reporting).
• Support the customer in remediating incidents.
• Support the improvement of service efficiency and detection rules.
• Support the SOC manager in the reporting of the activity.

• Engineer diploma with Cybersecurity trainings or equivalent after a solid experience in the domain of Cyber defence.
• Security Certifications would be highly recommended (CEH, GCIH, GMON…)
• Experience working in a SOC.
• Experience with EDR tools.
• TCP/IP Fundamentals
• Wireshark Packet Analysis.
• Experience working with Regular Expressions.
• Experience developing SIEM correlation rules.
• English required.
• Splunk certifications are a plus.
• It will be necessary to complete the provided Blue Team training and get certified.

• Rigorous and respectful of processes. Strong attention to details.
• Good time management skills with the ability to multitask.
• Information Security and operational oriented mindset.
• Team player.
• Customer focus.
• Autonomous and self‑organized.
• Analytical and synthesis skills.

At Airbus we are focused on our employees and their welfare. Take a look at some of our social benefits:

• Vacation days and additional days-off along the year (+35 days off in total).
• Attractive salary and compensation package.
• Hybrid model of working when possible, promoting the work‑life balance (40% remote work).
• Collective transport service in some sites.
• Benefits such as health insurance, employee stock options, retirement plan, or study grants.
• On‑site facilities (among others): free canteen, kindergarten, medical office.
• Possibility to collaborate in different social and corporate social responsibility initiatives.
• Excellent upskilling opportunities and great development prospects in a multicultural environment.
• Special rates in products & benefits.

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Airbus Defence and Space SAU

Permanent

Entry Level

Cyber Security

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.

At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.