Cybersecurity Analyst

Airbus Protect brings together experts in the fields of Safety, Cybersecurity and Sustainability. We are over 1200 experts based across our main locations in France, Germany, UK and Spain, also operating in the US and the Middle East.We deliver expertise to our own group, Airbus but also to external clients.Our mission is to protect governments, military and essential national infrastructure enterprises from cyber threats.Our goal: Protect our customers and support their needs with cybersecurity products.The Cyber Defence Centre provides services in order to:¤ Prevent a cyber risk (Consulting & audits)¤ Detect and react on security incidents (Security Operation Centre - SOC)In this context, the Cyber Defence Centre in Spain is seeking to hire a Cybersecurity Analyst.Position & ResponsibilityThe Cybersecurity Analyst works as a part of a team in charge of security monitoring for the international and national SOCs.The main mission of the Cybersecurity Analyst is to deal with the security incidents which are detected by the service and to lead in-depth analysis on these incidents, ensuring that work tickets are updated/closed including relevant technical details in accordance with existing SLAs. You will also work in the development and testing of security alerts to detect and prevent those incidents.The successful candidate will be part of the analysts staff, working in normal business hours and in stand-by shifts too.All Analysts are expected to be comfortable at a technical level, being able to present and write professional reports to key stakeholders and exercise good time management, often being required to attend technical workshops and customer briefings/service reviews.Tasks and Accountabilities- Investigate potential security incidents.- Add context to the incident to understand the behaviour, analysing data from multiple tools and data sources.- When required perform initial triage/identification of 'Events of Interest' using a range of monitoring and detection tools.- Participate in the crisis management by providing support to the incident handler and the SOC analysts.- Maintain the detection rules database.- Develop new detection rules.- Work on the decrease of false positives.- Track trends for metrics and reporting.- Ensure that all events, events of interest, exceptions & incidents are responded to in accordance with established work instructions, including remedial action/recommendations.- Maintenance of work instructions - reviews & amendment.- Generate reports (as per templates) and trending analysis as requested by SOC Manager or key stakeholders.- Present & review reports to internal & external key stakeholders- Attend recurrent meetings with the customer as the technical referent.- Provide recommendations or workarounds to the customer in order to reduce business impact.- Lead and participate in the continuous improvement of the service (detection level, processes, operational procedures, service efficiency, service reporting).- Support the customer in remediating incidents.- Support the improvement of service efficiency and detection rules.- Support the SOC manager in the reporting of the activity.Requirements- Engineer diploma with Cybersecurity trainings or equivalent after a solid experience in the domain of Cyber defence.- Security Certifications (CEH, GCIH, GMON...)- Experience working in a SOC.- Experience with EDR tools.- Wireshark Packet Analysis.- Experience working with Regular Expressions.- Splunk certifications are a plus.- Eligibility to obtain Security Clearance.- It will be necessary to complete the provided Blue Team training and get certified.Soft Skills- Rigorous and respectful of processes. Strong attention to details.- Good time management skills with the ability to multitask.- Information Security and operational oriented mindset.- Team player.- Autonomous and self-organized.- Analytical and synthesis skills.We provide training on the tools and processes for the success of your mission.Due to the nature of SOC operations, there is the possibility that the Cybersecurity Analyst will be required to work in alternate stand-by shifts, including week-ends and nights.The candidates must have a valid National Security Clearance (HPS) or be eligible to get it.This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth.Company:Airbus Defence and Space SAU Job Description:Airbus Protect brings together experts in the fields of Safety, Cybersecurity and Sustainability. We are over 1200 experts based across our main locations in France, Germany, UK and Spain, also operating in the US and the Middle East.We deliver expertise to our own group, Airbus but also to external clients.Our mission is to protect governments, military and essential national infrastructure enterprises from cyber threats.Our goal: Protect our customers and support their needs with cybersecurity products.The Cyber Defence Centre provides services in order to:¤ Prevent a cyber risk (Consulting & audits)¤ Detect and react on security incidents (Security Operation Centre - SOC)¤ Respond to cyber attacks (Computer Security Incident Response Team - CSIRT)In this context, the Cyber Defence Centre in Spain is seeking to hire a Cybersecurity Analyst.Position & ResponsibilityThe Cybersecurity Analyst works as a part of a team in charge of security monitoring for the international and national SOCs.The main mission of the Cybersecurity Analyst is to deal with the security incidents which are detected by the service and to lead in-depth analysis on these incidents, ensuring that work tickets are updated/closed including relevant technical details in accordance with existing SLAs. You will also work in the development and testing of security alerts to detect and prevent those incidents.The successful candidate will be part of the analysts staff, working in normal business hours and in stand-by shifts too.All Analysts are expected to be comfortable at a technical level, being able to present and write professional reports to key stakeholders and exercise good time management, often being required to attend technical workshops and customer briefings/service reviews.Tasks and Accountabilities- Investigate potential security incidents.- Add context to the incident to understand the behaviour, analysing data from multiple tools and data sources.- When required perform initial triage/identification of 'Events of Interest' using a range of monitoring and detection tools.- Participate in the crisis management by providing support to the incident handler and the SOC analysts.- Maintain the detection rules database.- Develop new detection rules.- Work on the decrease of false positives.- Track trends for metrics and reporting.- Ensure that all events, events of interest, exceptions & incidents are responded to in accordance with established work instructions, including remedial action/recommendations.- Maintenance of work instructions - reviews & amendment.- Generate reports (as per templates) and trending analysis as requested by SOC Manager or key stakeholders.- Present & review reports to internal & external key stakeholders- Attend recurrent meetings with the customer as the technical referent.- Provide recommendations or workarounds to the customer in order to reduce business impact.- Lead and participate in the continuous improvement of the service (detection level, processes, operational procedures, service efficiency, service reporting).- Support the customer in remediating incidents.- Support the improvement of service efficiency and detection rules.- Support the SOC manager in the reporting of the activity.Requirements- Engineer diploma with Cybersecurity trainings or equivalent after a solid experience in the domain of Cyber defence.- Security Certifications (CEH, GCIH, GMON...)- Experience working in a SOC.- Experience with EDR tools.- TCP/IP Fundamentals- Wireshark Packet Analysis.- Experience working with Regular Expressions.- Experience developing SIEM correlation rules.- English required.- Splunk certifications are a plus.- Eligibility to obtain Security Clearance.- It will be necessary to complete the provided Blue Team training and get certified.Soft Skills- Rigorous and respectful of processes. Strong attention to details.- Good time management skills with the ability to multitask.- Information Security and operational oriented mindset.- Team player.- Customer focus.- Autonomous and self-organized.- Analytical and synthesis skills.We provide training on the tools and processes for the success of your mission.Due to the nature of SOC operations, there is the possibility that the Cybersecurity Analyst will be required to work in alternate stand-by shifts, including week-ends and nights.The candidates must have a valid National Security Clearance (HPS) or be eligible to get it.This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth.Company:Airbus Defence and Space SAUEmployment Type:Permanent-------Experience Level:ProfessionalJob Family:Cyber SecurityBy submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported ****** .At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking. Explore more InfoSec / Cybersecurity career opportunitiesFind even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below. #J-18808-Ljbffr