Job Description:Airbus Protect brings together experts in the fields of Safety, Cybersecurity and Sustainability. We are over 1200 experts based across our main locations in France, Germany, UK and Spain, also operating in the US and the Middle East.We deliver expertise to our own group, Airbus but also to external clients.Our mission is to protect governments, military and essential national infrastructure enterprises from cyber threats.Our goal: Protect our customers and support their needs with cybersecurity products.The Cyber Defence Centre provides services in order to:Prevent a cyber risk (Consulting & audits)Detect and react on security incidents (Security Operation Centre - SOC)Respond to cyber attacks (Computer Security Incident Response Team - CSIRT)In this context, the Cyber Defence Centre in Spain is seeking to hire a Cybersecurity Analyst.Position & ResponsibilityThe Cybersecurity Analyst works as a part of a team in charge of security monitoring for the international and national SOCs. The main mission of the Cybersecurity Analyst is to deal with the security incidents which are detected by the service and to lead in-depth analysis on these incidents, ensuring that work tickets are updated / closed including relevant technical details in accordance with existing SLAs.You will also work in the development and testing of security alerts to detect and prevent those incidents. The successful candidate will be part of the analysts staff, working in normal business hours and in stand-by shifts too. All Analysts are expected to be comfortable at a technical level, being able to present and write professional reports to key stakeholders and exercise good time management, often being required to attend technical workshops and customer briefings / service reviews.Tasks and AccountabilitiesInvestigate potential security incidents.Add context to the incident to understand the behaviour, analysing data from multiple tools and data sources.When required perform initial triage / identification of Events of Interest using a range of monitoring and detection tools.Participate in the crisis management by providing support to the incident handler and the SOC analysts.Maintain the detection rules database.Develop new detection rules.Work on the decrease of false positives.Track trends for metrics and reporting.Ensure that all events, events of interest, exceptions & incidents are responded to in accordance with established work instructions, including remedial action / recommendations.Maintenance of work instructions - reviews & amendment.Generate reports (as per templates) and trending analysis as requested by SOC Manager or key stakeholders.Present & review reports to internal & external key stakeholders.Attend recurrent meetings with the customer as the technical referent.Provide recommendations or workarounds to the customer in order to reduce business impact.Lead and participate in the continuous improvement of the service (detection level, processes, operational procedures, service efficiency, service reporting).Support the customer in remediating incidents.Support the improvement of service efficiency and detection rules.Support the SOC manager in the reporting of the activity.RequirementsEngineer diploma with Cybersecurity trainings or equivalent after a solid experience in the domain of Cyber defence.Security Certifications (CEH, GCIH, GMON...)Experience working in a SOC.Experience with EDR tools.TCP / IP Fundamentals.Wireshark Packet Analysis.Experience working with Regular Expressions.Experience developing SIEM correlation rules.English required.Splunk certifications are a plus.Eligibility to obtain Security Clearance.It will be necessary to complete the provided Blue Team training and get certified.Soft SkillsRigorous and respectful of processes. Strong attention to details.Good time management skills with the ability to multitask.Information Security and operational oriented mindset.Team player.Customer focus.Autonomous and self-organized.Analytical and synthesis skills.We provide training on the tools and processes for the success of your mission.Due to the nature of SOC operations, there is the possibility that the Cybersecurity Analyst will be required to work in alternate stand-by shifts, including weekends and nights.The candidates must have a valid National Security Clearance (HPS) or be eligible to get it.This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth.Company: Airbus Defence and Space SAUEmployment Type: PermanentExperience Level: ProfessionalJob Family: Cyber Security
#J-18808-Ljbffr