Company Description
We are part of International Airlines Group (IAG), one of the world’s leading airline groups and owner of some of the biggest brands in the sky.
With a diverse workforce spread across four countries, IAG Transform provides creative and innovative solutions to drive sustainable transformation by delivering procurement, and airline services, as well as group-wide systems across IAG. Each operating company benefits from the Transform centralised model, driving efficiencies, automation, and economies of scale.
Job Description
In your role you will work within the team that investigates and analyses high priority cybersecurity incidents with precision. You will respond to and contain security threats effectively, following a robust Cyber Security Incident Response Plan (CIRP). Collaborating with both internal and external stakeholders, you will ensure seamless communication and effective outcomes. You will document incident responses meticulously and create comprehensive reports. Additionally, you will be responsible for introducing and utilising security automation and scripting to enhance efficiency and security measures.
Accountabilities:
- Monitor security alerts and logs to detect potential security incidents.
- Conduct initial triage and assessment of incidents to determine severity and impact.
- Conduct in-depth analysis of security incidents to determine root cause, scope, and extent of compromise.
- Analyze malware samples, network traffic, and system logs to identify indicators of compromise (IOCs) and attack patterns.
- Lead and coordinate incident response efforts, including containment, eradication, and recovery activities.
- Collaborate with cross-functional teams to mitigate security incidents and minimize business impact.
- Assist partners in/and conduct digital forensic investigations to gather evidence and support incident response efforts.
- Preserve and analyze forensic artifacts from compromised systems to identify attacker tactics, techniques, and procedures (TTPs).
- Analyze threat intelligence feeds and reports to identify emerging threats and vulnerabilities.
- Correlate threat intelligence with security events and incidents to enhance detection and response capabilities.
- Document incident findings, analysis, and response actions in incident reports and case management systems.
- Prepare and present post-incident reports to management, stakeholders, and regulatory authorities.
- Coordinate incident response activities with internal teams, external partners, and law enforcement agencies.
- Communicate effectively with stakeholders to provide timely updates on incident status and resolution efforts.
- Cyber Table Top Exercise and Breach Attack Simulation Exercise
- Perform Oncall Duties on rota basis during out of office hours
This role may require travel and working from multiple sites/locations. Willing and able to travel to participate in meetings, workshops, and other related activities.
Qualifications
Education:
Bachelor's or Masters degree or higher in Computer Science, Information Security, Cybersecurity, or a related field. Advanced degrees (e.g., Master's or Ph.D.) may be preferred for senior-level positions.
Certifications:
Relevant certifications in cybersecurity and incident response are highly desirable. Examples include:
- Certified Information Systems Security Professional (CISSP)
- Certified Incident Handler (GCIH)
- Certified Ethical Hacker (CEH)
- Certified Computer Security Incident Handler (GCFE)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Incident Handler (GCIH)
- Certified Information Security Manager (CISM)
- Offensive Security Certified Professional (OSCP)
- CompTIA Cybersecurity Analyst (CySA+)
Experience:
- Several years of experience in cybersecurity, with a focus on incident detection, analysis, and response.
- Experience working in a CIRT or SOC environment, preferably in a senior role.
- Demonstrated expertise in conducting digital forensic investigations and malware analysis.
- Strong understanding of incident response frameworks, methodologies, and best practices (e.g., NIST Incident Response Framework, SANS Incident Handling Process).
- Experience with threat intelligence analysis, including the use of threat intelligence feeds and platforms.
Familiarity with network security monitoring tools, SIEM (Security Information and Event Management) systems, and other security technologies.
Additional Information
Benefits
The chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry, working in a multi-cultural environment with great offices in many locations. We aim to provide all our people with a work/life balance, as well as the many benefits offered by a global organisation, including health insurance, pension, and performance bonuses
Diversity and Inclusion
We recognise that we can only deliver the required business outcomes if we have a thriving community of technology professionals. Together we strive to become the very best at what we do.