Information Security Analyst SOC Tier 1

Ryanair Labs are currently recruiting for a Security Analyst SOC Tier 1 to join Europe’s Largest Airline Group!

Ryanair Labs is the technology brand of Ryanair. Labs is a state-of-the-art digital & IT innovation hub creating Europe’s Leading Travel Experience for our customers.

The SOC team is responsible for cybersecurity of internal environments.

• Analyze, triage and respond to security events, alarms and escalations as required, acting as the line security event analyst monitoring the Security Information and Event Management (SIEM) system.
• Monitor the alarm dashboard, providing an initial analysis of event data and network traffic, making security event determinations on alarm severity, escalation and response routing.
• Recommend changes to enhance systems security and prevent unauthorized access to IT Lab and Client systems.
• Conduct research and assessments of security events, providing analysis of firewall, IDS, anti-virus and other network sensor produced events, to feed into SOC reporting activities and improvements.
• Monitor threat and vulnerability news services for any relevant information that may impact installed infrastructure.
• Analyse reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise.
• Write, modify, and fine tune SIEM rulesets for improved alerting and reduction of false positives.
• Analyze log data from various sources.
• Participate in compliance/vulnerability assessment scanning and develop mitigation and remediation plans from the assessment findings.

• Understanding of performing analysis and interpretation of information from SOC systems: incident identification / analysis, escalation procedures and reduction of false-positives.
• Related experience and training in the field of IT security monitoring and analysis, cyber threat analysis, and vulnerability analysis.
• Knowledge of multiple operating systems and applicable system administration skills (Windows, Linux, Mac, VM platforms).
• Experience using Security tools, such as Vulnerability scanners, IDS/IPS, SIEM, etc.
• Detailed understanding of TCP/IP and a good background in network troubleshooting and technologies; Firewall configuration, monitoring, network packet capture (tcpdump / Wireshark), etc.
• An understanding of threat analysis, threat hunting, and intelligence feeds
• Excellent knowledge of commonly used Internet protocols such as SMTP, HTTP, and DNS
• Knowledge of adversarial simulation frameworks

• A University degree level education (or equivalent professional certifications) in Information / Cybersecurity, Forensics or Computer Science
• Host-based forensics
• Experience in IT security within multi-supplier and Cloud IT environments
• Experience in ELK stack
• Malware analysis and sandboxing

Our offer:

• Contract of employment (permanent after trial period)
• Discounted and unlimited travel to over 250 destinations
• Multisport card
• Private health care
• Group insurance scheme

Apply today to discuss the role in more detail!

• Dependability
• Problem Solving/Analysis
• Communication