Senior Incident Response Analyst

Company Description

IAG Tech is a community of IT and digital professionals from across the International Airlines Group (IAG). We drive the technology behind some of the biggest and most successful brands in global aviation, including British Airways, Aer Lingus, and Iberia.

Brought together in 2019, we are a unique community with a shared vision to deliver Technology Excellence and be recognised as industry leaders in the use of technology.

Our mission is to delight customers, enable employees, accelerate business performance, protect our business and increase shareholder value, through the innovative and agile use of technology and data.

We use product-centric delivery teams using agile methods to implement new capabilities at pace and maximise business outcomes. With a relentless focus on improving system performance and stability, we continually strive to find new and better ways to innovate and support the Group.

At IAG Tech we share common values to help us create the right culture to underpin our thriving community:
Innovation | we value identifying new ways of using technology to solve business challenges
Empowerment | we value giving people the freedom to operate, that they take accountability, and collaborate with colleagues
Professionalism | we value having and developing the right knowledge and competency to be able to do our jobs to the best of our ability
Transparency | we value honesty and integrity and always share the reality in a manner the business understands
Agility | we value responsiveness, speed and flexibility in everything we do

We celebrate when we see great examples of our values in action and challenge each other when we see these values being ignored.

Job Description

The Senior Incident Response Analyst will utilise a diverse range of tools and resources to actively identify, probe, and address both emerging and ongoing threats affecting IAG networks, systems, users, and applications. You must thrive in high-pressure situations, think like both an attacker and defender, and drive relevant teams to take the right actions in the right time frames to mitigate risks. This position necessitates collaboration and dialogue with both technical and non-technical teams, encompassing security leadership and business representatives. As a seasoned expert, the individual in this role will also provide guidance and mentorship to less experienced analysts. Successful candidates:

Must also be willing to participate in a rotating on-call schedule and must be able to work collaboratively across physical locations. Having the ability to work outside of normal working hours as required due to critical incidents or emergency calls, will be essential to success in this role.

Qualifications

Skills

• Primary Escalation Expertise: Proficient in acting as the primary escalation point, undertaking security analysis on critical alerts, and employing expertise to piece together the attack chain across intricate environments, including cloud, identity, email, network, and endpoint.
• Threat Knowledge: Comprehensive understanding of the cyber threat landscape, particularly as it relates to the aviation sector.
• Proactive Threat Hunting: Demonstrated capability to convert threat knowledge into active threat hunting. Skilful in analysing and researching new, emerging, or trending attacks, actors, malware samples, and TTP’s.
• Communication Proficiency: Must have excellent English reading, writing, and speaking skills with the ability to convey security insights: both in crafting and deciphering security metrics, and in presenting them clearly across all hierarchical levels, up to senior leadership.

Experience

• A minimum of 5 year’s experience in the areas of: endpoint security, malware analysis, threat hunting, penetration testing, incident response, reverse engineering, or digital forensics.
• Knowledge of AWS cloud infrastructure with hands-on experience monitoring associated logs, including GuardDuty, CloudTrail, and VPC Flow.
• Proven Akamai security experience with Kona, WAF, BMP, custom rules, bot definitions and analysing traffic via WSA.
• Experience performing investigations using EDR/XDR tooling such as CrowdStrike and MS Defender to investigate Windows/Linux systems.
• Experienced with Memory Forensics, dump extraction and analysis.

Qualifications

Essential: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.

Desired: Master's degree in a related field / Professional certifications such as CERT-CSIH, CISSP, GCFA, GCFE, GCIH, GCIA, GMON

Additional Information

Benefits

The chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry, working in a multi-cultural environment with great offices in many locations. We aim to provide all our people with a work/life balance, as well as the many benefits offered by a global organisation, including health insurance, pension, and performance bonuses.

Diversity and Inclusion

IAG Tech is part of the IAG GBS organisation, and our people are at the heart of everything we do. We recognise that we can only deliver the required business outcomes if we have a thriving community of technology professionals. Together we strive to become the very best at what we do.

We focus on making Tech a great place to work, with a community that we feel proud to belong to. To help make this a reality, our people strategy focuses on six key domains: Engagement, Talent Management, Reward and Recognition, Performance Management, Learning and Development and Culture.

We understand the importance of Diversity and Inclusion in the workplace to deliver this strategy – everyone should feel part of our team. We want to foster an inclusive workplace, celebrate individuality and embrace differences so that everyone in IAG Tech can achieve their goals and ambitions, regardless of their personal circumstances or background.

As a Group, IAG has an ambition that 40% of senior management roles are held by women by 2025. IAG Tech fully supports that ambition, and we are working to help make it a reality. With this in mind, we have set ourselves the challenging target of recruiting 50% female colleagues by 2030.