Senior SOC Analyst

• Directorate: Group Cyber Security and Technology

We are a part of International Airlines Group, one of the world’s leading airline groups flying to over 270 destinations and carrying more than 100 million passengers each year.

We provide a plug and play platform of scalable, best in class procurement, finance and IT business services to Aer Lingus, British Airways, IAG, IAG Cargo, IAG Loyalty, Iberia, Iberia Express, LEVEL and Vueling.

We combine functional expertise with a strong focus on customer service to make our Group stronger, more efficient, more competitive.

In your role you will work within the team that investigates and analyses high priority cybersecurity incidents with precision. You will respond to and contain security threats effectively, following a robust Cyber Security Incident Response Plan (CIRP). Collaborating with both internal and external stakeholders, you will ensure seamless communication and effective outcomes. You will document incident responses meticulously and create comprehensive reports. Additionally, you will be responsible for introducing and utilising security automation and scripting to enhance efficiency and security measures.

Accountabilities:

• Monitor security alerts and logs to detect potential security incidents.
• Conduct initial triage and assessment of incidents to determine severity and impact.
• Conduct in-depth analysis of security incidents to determine root cause, scope, and extent of compromise.
• Analyze malware samples, network traffic, and system logs to identify indicators of compromise (IOCs) and attack patterns.
• Lead and coordinate incident response efforts, including containment, eradication, and recovery activities.
• Collaborate with cross-functional teams to mitigate security incidents and minimize business impact.
• Assist partners in/and conduct digital forensic investigations to gather evidence and support incident response efforts.
• Preserve and analyze forensic artifacts from compromised systems to identify attacker tactics, techniques, and procedures (TTPs).
• Analyze threat intelligence feeds and reports to identify emerging threats and vulnerabilities.
• Correlate threat intelligence with security events and incidents to enhance detection and response capabilities.
• Document incident findings, analysis, and response actions in incident reports and case management systems.
• Prepare and present post-incident reports to management, stakeholders, and regulatory authorities.
• Coordinate incident response activities with internal teams, external partners, and law enforcement agencies.
• Communicate effectively with stakeholders to provide timely updates on incident status and resolution efforts.
• Cyber Table Top Exercise and Breach Attack Simulation Exercise.
• Perform Oncall Duties on rota basis during out of office hours.

This role may require travel and working from multiple sites/locations. Willing and able to travel to participate in meetings, workshops, and other related activities.

Education:

Bachelor's or Masters degree or higher in Computer Science, Information Security, Cybersecurity, or a related field. Advanced degrees (e.g., Master's or Ph.D.) may be preferred for senior-level positions.

Certifications:

Relevant certifications in cybersecurity and incident response are highly desirable. Examples include:

• Certified Information Systems Security Professional (CISSP)
• Certified Incident Handler (GCIH)
• Certified Ethical Hacker (CEH)
• Certified Computer Security Incident Handler (GCFE)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Incident Handler (GCIH)
• Certified Information Security Manager (CISM)
• Offensive Security Certified Professional (OSCP)
• CompTIA Cybersecurity Analyst (CySA+)

Experience:

• Several years of experience in cybersecurity, with a focus on incident detection, analysis, and response.
• Experience working in a CIRT or SOC environment, preferably in a senior role.
• Demonstrated expertise in conducting digital forensic investigations and malware analysis.
• Strong understanding of incident response frameworks, methodologies, and best practices (e.g., NIST Incident Response Framework, SANS Incident Handling Process).
• Experience with threat intelligence analysis, including the use of threat intelligence feeds and platforms.

Familiarity with network security monitoring tools, SIEM (Security Information and Event Management) systems, and other security technologies.

Benefits:
The chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry, working in a multi-cultural environment with great offices in many locations. We aim to provide all our people with a work/life balance, as well as the many benefits offered by a global organisation, including health insurance, pension, and performance bonuses.

Diversity and Inclusion:
IAG Tech is part of the IAG GBS organisation, and our people are at the heart of everything we do. We recognise that we can only deliver the required business outcomes if we have a thriving community of technology professionals. Together we strive to become the very best at what we do.

We focus on making Tech a great place to work, with a community that we feel proud to belong to. To help make this a reality, our people strategy focuses on six key domains: Engagement, Talent Management, Reward and Recognition, Performance Management, Learning and Development and Culture.

We understand the importance of Diversity and Inclusion in the workplace to deliver this strategy – everyone should feel part of our team. We want to foster an inclusive workplace, celebrate individuality and embrace differences so that everyone in IAG Tech can achieve their goals and ambitions, regardless of their personal circumstances or background.

As a Group, IAG has an ambition that 40% of senior management roles are held by women by 2025. IAG Tech fully supports that ambition, and we are working to help make it a reality. With this in mind, we have set ourselves the challenging target of recruiting 50% female colleagues by 2030.