SOC Analyst

1 week ago


Madrid, Madrid, Spain · International Airlines Group · Full-time

Job Title

SOC Analyst

Overview  

Looking for a challenge in one of the world's leading airline Groups and a dual FTSE 100 and IBEX 35 listed company?
The Group combines airlines in Ireland, the UK and Spain with key non-airline businesses, enabling them to enhance their presence in the aviation market.

Purpose of the role

• Investigate & analyze high priority cyber security incidents
• Respond to & contain security threats
• Execute the Cyber Security Incident Response Plan (CIRP)
• Collaborate with internal & external stakeholders
• Document incident response & create reports
• Introduce and utilize security automation & scripting

Accountabilities

Incident Detection and Triage:
• Monitor security alerts and logs to detect potential security incidents.
• Conduct initial triage and assessment of incidents to determine severity and impact.

Incident Analysis:
• Conduct in-depth analysis of security incidents to determine root cause, scope, and extent of compromise.
• Analyze malware samples, network traffic, and system logs to identify indicators of compromise (IOCs) and attack patterns.

Incident Response:
• Lead and coordinate incident response efforts, including containment, eradication, and recovery activities.
• Collaborate with cross-functional teams to mitigate security incidents and minimize business impact.

Forensic Investigation:
• Conduct digital forensic investigations, and assist partners in conducting them, to gather evidence and support incident response efforts.
• Preserve and analyze forensic artifacts from compromised systems to identify attacker tactics, techniques, and procedures (TTPs).

Threat Intelligence Analysis:
• Analyze threat intelligence feeds and reports to identify emerging threats and vulnerabilities.
• Correlate threat intelligence with security events and incidents to enhance detection and response capabilities.

Incident Documentation and Reporting:
• Document incident findings, analysis, and response actions in incident reports and case management systems.
• Prepare and present post-incident reports to management, stakeholders, and regulatory authorities.

Incident Coordination and Communication:
• Coordinate incident response activities with internal teams, external partners, and law enforcement agencies.
• Communicate effectively with stakeholders to provide timely updates on incident status and resolution efforts.
• Identify areas for process improvement and optimization within the CSIRT function.
• Develop and implement enhancements to incident detection, analysis, and response procedures.
• Perform on-call duties on a rota basis outside office hours.

Required Skills, qualifications & experience

Primary Escalation Expertise: Proficient in acting as the primary escalation point, undertaking security analysis on critical alerts, and employing expertise to piece together the attack chain across complex environments, including cloud, identity, email, network, and endpoint.
Threat Knowledge: Comprehensive understanding of the cyber threat landscape, particularly as it relates to the aviation sector.
Proactive Threat Hunting: Demonstrated capability to convert threat knowledge into active threat hunting. Skilful in analysing and researching new, emerging, or trending attacks, actors, malware samples, and TTPs.
Communication Proficiency: Must have excellent English reading, writing, and speaking skills with the ability to convey security insights, both in crafting and interpreting security metrics and in presenting them clearly across all hierarchical levels, up to senior leadership.

Several years of experience in cybersecurity, with a focus on incident detection, analysis, and response.

Experience working in a CIRT or SOC environment, preferably in a senior role. Demonstrated expertise in conducting digital forensic investigations and malware analysis.

Strong understanding of incident response frameworks, methodologies, and best practices (e.g., NIST Incident Response Framework, SANS Incident Handling Process).

Experience with threat intelligence analysis, including the use of threat intelligence feeds and platforms.

Familiarity with network security monitoring tools, SIEM (Security Information and Event Management) systems, and other security technologies.

Department

SOC Tech Leads (David Perez Sanz)

Reporting to

David Perez Sanz

Contract type

Regular

Location

