General information
Vacancy Reference number
005409
What we offer
As well as offering you a competitive salary, career advancement opportunities and staff travel benefits (with Aer Lingus and many other international airlines), you will also have the opportunity to work in a dynamic and collaborative environment and to join a team of amazing professionals who are passionate about the aviation industry. To learn more about the exciting benefits and opportunities that await you at Aer Lingus, please visit our website.
At Aer Lingus we embrace diversity and believe in providing equal opportunities to all qualified individuals. We are dedicated to cultivating an inclusive and respectful work environment that values employees' unique backgrounds, experiences and perspectives. We do not discriminate based on race, gender, sexual orientation, age, disability or any other protected status. As an equal opportunity employer, we encourage applications from all candidates who share our passion for aviation. If you have any questions or require any accommodations to support you in your application, please contact us at
Role title
Cyber Incident Response Analyst
Your role
The Cyber Incident Response Analyst is a key practitioner within the Cyber Defence function, responsible for hands-on incident management activities and collaborating day to day with the within a hybrid delivery model they will support incident management services that include 24x7 monitoring, rapid incident response and drive proactive improvements of detection and response processes through automation, integration and strong operational governance.
This role will work cross-functionally with teams across Cyber Defence, Cyber Engineering and IT, supporting ongoing maturity of cyber monitoring coverage and incident management playbooks for timely detection and response processes, in addition to improving our security posture by simulating threat actor techniques that test our organisation's technical controls and processes to support continuous improvements to the overall cyber security posture.
- Perform incident triage and investigations alongside the SOC to ensure comprehensive and accurate analysis and forensics across EI systems and assets as required.
- Act as the point of escalation for the Aer Lingus SOC, co-ordinating with the outsourced vendor and internal Cyber and IT teams on response activities and remediations.
- Interact with the SOC on day-to-day operations, ensuring delivery of high-quality and effective monitoring, management and response processes and continuous development of incident response playbooks
- Partner with other Cyber Defence and Engineering roles to identify opportunities for process and systems integrations to improve service quality and responsiveness
- Ensure Cyber Defence evidence reporting and assurance are fit for purpose (incident records integrity audit trails, lessons learned and continuous improvement actions).
- Identify and validate internal and external security weaknesses using both manual techniques and appropriate tooling
- Ensure findings are appropriately documented with clear risk descriptions, reproduction steps, business and technical impact and pragmatic remediation guidance
- Part of on-call rota for escalations in the event of a major cyber event
- Partner with the outsourced SOC and Threat Management services with daily, weekly and monthly operational cadences to ensure full visibility of the current incident landscape and tracking of service KPIs and SLAs
- Support improvements to monitor, detect and respond to threats in real time, leveraging SIEM, EDR, SOAR and automation to deliver at scale.
- Assist in the development and maintenance of cyber testing playbooks, checklists and standard operating procedures.
- Support planning and delivery of tabletop exercises and simulation tests to enhance readiness with technology and operational teams
- Stay current with emerging threats, vulnerabilities and offensive techniques relevant to the organisation's tech stack.
Your qualifications and key criteria
- 8 years cybersecurity and/or IT experience with at least 4 years in SOC, Incident Response or Offensive Security roles
- Proven experience in direct involvement in cyber incidents, fulfilling investigation, digital forensics, event triaging and response responsibilities
- Practical experience with common offensive security tools and techniques (e.g. Burp Suite, Nmap, Metasploit, custom scripts).
- Relevant Cyber qualifications, e.g. GIAC, CISSP, OSCP, CEH or similar
- Familiarity with MITRE ATT&CK framework and modern attacker techniques.
- Experience developing dashboards for reporting on service metrics and trends
- Experience working with outsourced SOC security services
- Scripting and developing skills for integrating cyber tools and automating playbook responses.
- Comfortable being the primary internal response lead on low-medium severity incidents
- Proven proactive and independent thinker, willing to speak up and bring new ideas
- Hands-on proficiency with Cyber Defence technologies (e.g. SIEM, Threat Intelligence, SOAR, EDR platforms such as CrowdStrike, ZeroFox, Splunk or equivalent).
- Working knowledge of at least one scripting or programming language (e.g. Python, Bash, PowerShell).
- Demonstrated ability in improving operational processes and playbooks.
- Ability to translate threat intelligence, control testing and incident learnings into requirements to improve incident management services.
Division / Department
Digital & Information - IT Other
Contract type
employee recruitment - permanent
Job location
Republic of Ireland, Dublin, Dublin
Required Experience:
IC