Senior SOC Analyst

We are a part of International Airlines Group, one of the world’s leading airline groups flying to over 270 destinations and carrying more than 100 million passengers each year.

We provide a plug and play platform of scalable, best in class procurement, finance and IT business services to Aer Lingus, British Airways, IAG, IAG Cargo, IAG Loyalty, Iberia, Iberia Express, LEVEL and Vueling.

We combine functional expertise with a strong focus on customer service to make our Group stronger, more efficient, more competitive.

In your role you will work within the team that investigates and analyses high priority cybersecurity incidents with precision. You will respond to and contain security threats effectively, following a robust Cyber Security Incident Response Plan (CIRP). Collaborating with both internal and external stakeholders, you will ensure seamless communication and effective outcomes. You will document incident responses meticulously and create comprehensive reports. Additionally, you will be responsible for introducing and utilising security automation and scripting to enhance efficiency and security measures.

Accountabilities:

• Monitor security alerts and logs to detect potential security incidents.
• Conduct initial triage and assessment of incidents to determine severity and impact.
• Conduct in-depth analysis of security incidents to determine root cause, scope, and extent of compromise.
• Analyze malware samples, network traffic, and system logs to identify indicators of compromise (IOCs) and attack patterns.
• Lead and coordinate incident response efforts, including containment, eradication, and recovery activities.
• Collaborate with cross-functional teams to mitigate security incidents and minimize business impact.
• Assist partners in/and conduct digital forensic investigations to gather evidence and support incident response efforts.
• Preserve and analyze forensic artifacts from compromised systems to identify attacker tactics, techniques, and procedures (TTPs).
• Analyze threat intelligence feeds and reports to identify emerging threats and vulnerabilities.
• Correlate threat intelligence with security events and incidents to enhance detection and response capabilities.
• Document incident findings, analysis, and response actions in incident reports and case management systems.
• Prepare and present post-incident reports to management, stakeholders, and regulatory authorities.
• Coordinate incident response activities with internal teams, external partners, and law enforcement agencies.
• Communicate effectively with stakeholders to provide timely updates on incident status and resolution efforts.
• Cyber Table Top Exercise and Breach Attack Simulation Exercise.
• Perform Oncall Duties on a rota basis during out of office hours.

This role may require travel and working from multiple sites/locations. Willing and able to travel to participate in meetings, workshops, and other related activities.

Education:

Bachelor's or Master's degree or higher in Computer Science, Information Security, Cybersecurity, or a related field. Advanced degrees (e.g., Master's or Ph.D.) may be preferred for senior-level positions.

Certifications:

Relevant certifications in cybersecurity and incident response are highly desirable. Examples include:

• Certified Information Systems Security Professional (CISSP)
• Certified Incident Handler (GCIH)
• Certified Ethical Hacker (CEH)
• Certified Computer Security Incident Handler (GCFE)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Incident Handler (GCIH)
• Certified Information Security Manager (CISM)
• Offensive Security Certified Professional (OSCP)
• CompTIA Cybersecurity Analyst (CySA+)

Experience:

• Several years of experience in cybersecurity, with a focus on incident detection, analysis, and response.
• Experience working in a CIRT or SOC environment, preferably in a senior role.
• Demonstrated expertise in conducting digital forensic investigations and malware analysis.
• Strong understanding of incident response frameworks, methodologies, and best practices (e.g., NIST Incident Response Framework, SANS Incident Handling Process).
• Experience with threat intelligence analysis, including the use of threat intelligence feeds and platforms.

Familiarity with network security monitoring tools, SIEM (Security Information and Event Management) systems, and other security technologies.