Job Description

Purpose of the role:

• Support the Security Operations Centre (SOC) in provision of all Cyber Threat Intelligence (CTI) services including monitoring, analyzing, triage and reporting activities
• Proactively seek out indicators of compromise that conventional cybersecurity processes cannot find
• Track threats and campaigns aimed at IAG and its operating companies
• Work with stakeholders from across the business to identify, monitor, assess and counter cyber threats
• Ensure threat events and incidents are investigated, contained and remediated
• Counter the future re-occurrence of identified malicious threat activity or incidents
• Ensure threat activities are reported and shared with IAG and its operating companies
• Act as the IAG management/technical resource for CTI engagements

Accountabilities:

Working in partnership with IAG Tech and the business to:

• Understand the IAG mission, values, operations, goals, risks and risk tolerance
• Understand and connect threats to the risks of the IAG to provide appropriate capabilities and services
• Conduct threat assessments to identify what threats are most likely to target IAG and its operating companies, and how they would execute their attacks
• Maintain situational awareness for cyber threats across the organization and drive appropriate response activities
• Monitor & analyze cyber threats
• Gather threat intelligence (OSINT, feeds, malware analysis)
• Monitor threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs)
• Assess & prioritize threats based on impact
• Create and present threat intelligence reports for decision-making
• Collaborate with SOC and CIRT teams
• Hypothesizes new threats and indicators of compromise
• Develop and contribute to IOCs, detection rules and implement innovative approaches to address inefficiencies in security processes
• Create cybersecurity measures and control plans to protect against unauthorized exploits
• Contribute to security awareness training
• Conduct threat hunting
• Stay updated on latest threat intelligence trends
• Work collaboratively with and manage CTI and Brand Protection Partners
• Proactively engage with, and lead in developing CTI communities across IAG and partners.
• Work with data to identify patterns
• Use judgment to form conclusions that may challenge conventional wisdom
• Identify the tactics, techniques and procedures (TTPs) of potential threats through the MITRE ATT&CK framework
• Provide consultative advice and coaching to cybersecurity customers to help them make informed risk management decisions
• Apply different strategies to convince others to change their opinions or plans
• Ensure that proposals or arguments are supported by strong logic and a compelling business case
• Assist teams in various security and privacy risk mitigation
• Innovate on reporting methods and deliver actionable intelligence to peers and leadership teams to increase situational awareness

This role may require travel and working from multiple sites/locations. Willing and able to travel to participate in meetings, workshops, and other related activities.

Qualifications

Educated to degree level or equivalent experience

Desired qualification:

Education:

Bachelor's degree or higher in Computer Science, Information Security, Cybersecurity, Intelligence Studies, or a related field.

Certifications:

• Relevant certifications in cybersecurity and threat intelligence are highly desirable. Examples include:
• Certified Information Systems Security Professional (CISSP)
• Certified Threat Intelligence Analyst (CTIA)
• GIAC Cyber Threat Intelligence (GCTI)
• Certified Cyber Threat Hunting Professional (CCTHP)
• EC-Council Certified Threat Intelligence Analyst (C|TIA)
• Certified Incident Handler (GCIH)

Additional Information

Skills:

• Strong understanding of cybersecurity principles, concepts technologies, and attack vectors.
• Familiarity with common threat actor tactics, techniques, and procedures (TTPs).
• Proficiency in analyzing malware, phishing campaigns, and other malicious activities to extract actionable intelligence.
• Knowledge of network security protocols, endpoint security technologies, and security information and event management (SIEM) and security orchestration and automated response (SOAR) systems.
• Comprehensive understanding of the cyber threat landscape, particularly as it relates to the aviation sector.
• Demonstrated capability to convert threat knowledge into active threat hunting.
• Skillful in analysing and researching new, emerging, or trending attacks, actors, malware samples, and TTP’s.
• Can proactively identify and address security issues, as soon as they are identified
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• Ability to effectively influence others to modify their opinions, plans or behaviors
• Ability to communicate complex information at all levels
• Ability to act as a change advocate in IAG
• Ability to work with business partners needs in challenging situations
• Ability to mediate between stakeholders with different opinions on critical issues
• Understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business
• Understanding of IAG mission, values and goals, and consistent application of this knowledge
• Understanding of compliance and regulatory requirements
• Excellent problem-solving and communications skills
• Must have excellent English reading, writing, and speaking skills with the ability to convey security insights: both in crafting and deciphering security metrics, and in presenting them clearly across all hierarchical levels, up to senior leadership.

Experience:

• Several years of experience in cybersecurity, with a focus on threat intelligence analysis.
• Experience working in a threat intelligence team or security operations center (SOC) environment.
• Proficiency in collecting, analyzing, and disseminating threat intelligence to identify emerging threats and vulnerabilities.
• Demonstrated ability to analyze large data sets and identify anomalies
• Demonstrated ability to quickly create and deploy countermeasures under pressure
• Demonstrated ability to create complex scripts, develop tools, or automate processes in Python or other relevant command languages
• Hands-on experience with threat intelligence platforms, open-source intelligence (OSINT) tools, and dark web monitoring.