SOC Detection & Automation Engineer

Job Description:

Description:

SOC Detection and Automation Engineer will be part of the Digital function, which is responsible for Airbus information management capabilities and is continuously building, operating new business and platforms, services adoption of new technologies, automation, digital native skills and agile ways of working to accelerate our digitalization journey. Digital is about making the benefits of digital technologies available to Airbus so we can bring value to market much faster, while retaining quality and scale. 

As a SOC Detection & Automation Engineer your role is to research and suggest  security detection scenarios and build automations to enhance SOC investigation and response capabilities . You will also be responsible to develop a roadmap and strategies for threat detection, investigation and response along with producing management information, including reports and KPIs, create and enhance internal processes and procedures. Your role is key as you contribute to the overall performance and success of the Security Operations Centre. 

Challenges are numerous and exciting!

What is the Airbus Detect and Response team doing?

Security threats have increased drastically in the last few years and organisations are facing an increasingly complex threat landscape. Airbus digitalization is bringing many opportunities but they come with new risks. Therefore, the main mission of Detection & Response (D&R) is to identify the threats and detect security incidents that target Airbus company-wide, and propose adapted security response. D&R teams are supporting Airbus businesses and ensuring their protection against cyber threats.

Security is not an option, be part of it!

The SOC Mission:

• Monitoring, detection, and analysis of potential intrusions in real time and through historical trending on security-relevant data sources

  
  

• Response to confirmed incidents, by directing use of timely and appropriate countermeasures 

  
  

• Providing situational awareness and reporting on cybersecurity status, incidents

  
  

Qualification & Experience:

We seek out curious minds! We value attention to detail! And we care deeply about outcomes!

We’re looking for passionate people, who are eager to learn, willing to share, and establishing innovative ways of working and influencing culture change

• Bachelor degree in Computer Science, Engineering, or related field

  
  

• Masters in Information Security would be preferred

  
  

• 4 to 8+ years of relevant experience as a Detection and Automation Engineer or SOC L2/L3 Analyst

  
  

• Information Security and/or Information Technology industry certification (CASP+, SANS-GIAC, OSCP, CISSP or equivalent) will be preferred

  
  

• Strong  automation & scripting skills using Python and JavaScript and SOAR Technologies

  
  

• Experience/knowledge of investigating the threat scenarios in multiple domains like Windows and windows internals, Network, Unix/Linux, Cloud(AWS / GCP) is required

  
  

• Must have knowledge of network and web technology, encryption, virtual private networks, internet extranet security, cloud computing (firewalls, remote access) and security management

  
  

• Knowledge & experience in Splunk Enterprise Security (any certification appreciated) including knowledge in log management, Splunk application and search development (SPL), SOAR technology (Splunk Phantom)

  
  

• Knowledge in SOC referential such as Sigma, STIX/TAXII, MITRE ATT&CK

  
  

• Proven ability to prioritise workload, meet deadlines, and utilise time effectively

  
  

• Good interpersonal and communication skills, works effectively as a team player

  
  

• French language knowledge will be an added advantage

  
  

Responsibilities

Security Research and Automation

• Take responsibility for development of investigative automations using Python, JavaScript and SOAR tools to help incident response team in quick and efficient decision making

  
  

• Build enrichment automations to provide alert artifacts from various enterprise and open source security tools to support context building during investigation 

  
  

• Research, understand latest threats targeting various operating systems, platforms and applications to build & fine-tune SOC detections

  
  

• Perform adversary emulation to mimic an existing known threat actors / APT groups on a dedicated testing infrastructure to proactively evaluate the efficacy and gaps in our security controls

  
  

Collaboration and Documentation:

• Collaborate with SOC Detection Lead, Incident response team, pentest and security architect teams to propose detection and automation strategies and roadmap

  
  

• Participate in workshops between detection development team and other security teams to to improve the overall detection scope

  
  

• Work closely with other security teams (Security architects,  Red team, Application security & others) to improve threat detection and response strategies

  
  

• Develop and produce detailed documentation for each SOC use case including the end to end full lifecycle of delivery of the use case and roles and responsibility within the SOC team to deliver and fulfil the use case requirement

  
  

• Engage with Head of SOC, SOC Product Owner, Scrum Master to prioritise detection research and automation topics

  
  

Continuous Learning and Development:

• Participate in Security threat and monitoring forums to learn and keep abreast of the latest security trends, threats, and vulnerabilities, continually building knowledge in the cyber threat landscapes and good practices

  
  

• Participate in workshops, training, certifications and security conferences  to enhance skills in cyber detection and response

  
  

Benefits

• You will be part of a truly international team

  
  

• Travel opportunities (domestic and international)

  
  

• Competitive remuneration, bonus and incentives

  
  

• Good work / life balance and career growth opportunities

  
  

• Training and development opportunities (online, classroom, conferences)

  
  

• Comprehensive benefits package (complementary health and life insurance)

  
  

Success Metrics

Success will be measured in a variety of areas, including but not limited to

• Consistently ensure the on-time delivery and quality (first-time-right) of the projects

  
  

• Bring innovative cost effective solutions

  
  

• Achieve customer satisfaction

  
  

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Company:

Employment Type:

-------

Experience Level:

Job Family:

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.

At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.