SOC Analyst

We are part of International Airlines Group (IAG), one of the world's leading airline groups and owner of some of the biggest brands in the sky.

IAG Transform provides creative and innovative solutions to drive sustainable transformation by delivering procurement and airline services, as well as group-wide systems across IAG. Each operating company benefits from the Transform centralised model, driving efficiencies, automation, and economies of scale.

Investigate & analyze high priority cyber security incidents • Respond to & contain security threats

Execute Cyber Security Incident Response Plan (CIRP) • Collaborate with internal & external stakeholders • Document incident response & create reports

Introduce and Utilize security automation & scripting

Incident Detection and Triage:

• Monitor security alerts and logs to detect potential security incidents.
• Conduct initial triage and assessment of incidents to determine severity and impact.

Incident Analysis:

• Conduct in-depth analysis of security incidents to determine root cause, scope, and extent of compromise.
• Analyze malware samples, network traffic, and system logs to identify indicators of compromise (IOCs) and attack patterns.

Incident Response:

• Lead and coordinate incident response efforts, including containment, eradication, and recovery activities.
• Collaborate with cross-functional teams to mitigate security incidents and minimize business impact.

Forensic Investigation:

• Assist partners in/and conduct digital forensic investigations to gather evidence and support incident response efforts.
• Preserve and analyze forensic artifacts from compromised systems to identify attacker tactics, techniques, and procedures (TTPs).

Threat Intelligence Analysis:

• Analyze threat intelligence feeds and reports to identify emerging threats and vulnerabilities.
• Correlate threat intelligence with security events and incidents to enhance detection and response capabilities.

Incident Documentation and Reporting:

• Document incident findings, analysis, and response actions in incident reports and case management systems.
• Prepare and present post-incident reports to management, stakeholders, and regulatory authorities.

Incident Coordination and Communication:

• Coordinate incident response activities with internal teams, external partners, and law enforcement agencies.
• Communicate effectively with stakeholders to provide timely updates on incident status and resolution efforts.

Identify areas for process improvement and optimization within the CSIRT function.

Develop and implement enhancements to incident detection, analysis, and response procedures.

Perform Oncall Duties on rota basis during out of office hours

Primary Escalation Expertise: Proficient in acting as the primary escalation point, undertaking security analysis on critical alerts, and employing expertise to piece together the attack chain across intricate Environments, including cloud, identity, email, network, and endpoint.

Threat Knowledge: Comprehensive understanding of the cyber threat landscape, particularly as it relates to the aviation sector.

Proactive Threat Hunting: Demonstrated capability to convert threat knowledge into active threat hunting. Skilful in analysing and researching new, emerging, or trending attacks, actors, malware samples, and TTP's.

Communication Proficiency: Must have excellent English reading, writing, and speaking skills with the ability to convey security insights: both in crafting and deciphering security metrics, and in presenting them clearly across all hierarchical levels, up to senior leadership.

Several years of experience in cybersecurity, with a focus on incident detection, analysis, and response.

Experience working in a CIRT or SOC environment, preferably in a senior role. Demonstrated expertise in conducting digital forensic investigations and malware analysis.

Strong understanding of incident response frameworks, methodologies, and best practices (e.g., NIST Incident Response Framework, SANS Incident Handling Process).

Experience with threat intelligence analysis, including the use of threat intelligence feeds and platforms.

Familiarity with network security monitoring tools, SIEM (Security Information and Event Management) systems, and other security technologies.

• The chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry.
• The opportunity to work in a multi-cultural environment with great offices in many locations. We support our people in maintaining work/life balance, as well as providing the many benefits one would expect from a global organisation, including health insurance, pension and performance bonuses.

We are an equal opportunities employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law