Defence Automation Engineer

This job is with IAG Tech, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Our vision of Technology Excellence - to be industry leaders in the use of technology – means there has never been a more exciting time to be part of IAG Tech. By joining IAG Tech, you will play an important role in providing IT services to our many operating companies, enabling them to work in the most efficient and effective manner. You will be empowered to challenge the norm through the creative use of technology, helping to transform the customer journey.

You will be employed by IAG Global Business Services (GBS), part of International Airlines Group, one of the world’s largest airline groups, with 573 aircraft flying to 268 destinations and carrying around 113 million passengers each year. IAG GBS provides a plug and play platform of scalable, best in class procurement, finance and IT business services to IAG’s operating companies, which include Aer Lingus, Avios, British Airways, IAG, IAG Cargo, Iberia, Iberia Express, LEVEL and Vueling.

Purpose of the role

The purpose of the role is to design, implement, and manage automation solutions within the Security Operations Centre (SOC) to improve the efficiency and effectiveness of security operations. This role focuses on automating repetitive tasks, optimizing workflows, and integrating tools and systems to enhance threat detection, incident response, and overall SOC performance. The goal is to streamline security operations, reduce manual effort, and accelerate the identification and mitigation of security threats, enabling the SOC team to focus on more complex and critical tasks.

Accountabilities

• Automation of SOC Processes: Design and implement automation solutions to streamline repetitive tasks such as alert triaging, incident response, and reporting.
• Tool Integration: Integrate various security tools (SIEM, SOAR, firewalls, etc.) to improve data flow and response coordination.
• Optimization of Workflows: Enhance and optimize SOC workflows for improved efficiency and reduced manual effort.
• Development of Playbooks: Create automated response playbooks for common security incidents, enabling faster and more consistent incident handling.
• Collaboration with Security Teams: Work closely with SOC analysts and engineers to identify areas for automation and provide technical solutions.
• Monitoring and Maintenance: Ensure the continuous operation and performance of automation tools, resolving issues as they arise.
• Continuous Improvement: Regularly review and update automation scripts and processes to adapt to evolving threats and technologies.
• Documentation: Maintain detailed documentation of automation workflows, playbooks, and configurations.

Key Relationships/Interfaces

External: Third-party partners and key solution suppliers

Internal: Other areas of IAG Cybersecurity, particularly the cyber programme, Group Security Team(s), Senior managers/customers from across the Group and relevant business areas, Senior managers/customers/colleagues from operating companies, IAG Tech colleagues.

Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
• Industry certifications such as: Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH), GIAC Security Automation Expert (GCSA), Splunk Certified Automation Consultant, or relevant SOAR certifications.
• Experience with automation tools (e.g., SOAR platforms, Ansible, Phantom or similar).
• Proficiency in scripting languages (e.g., Python, PowerShell, Bash).
• Strong understanding of SOC processes, including incident response and threat detection.
• Experience with SIEM platforms (e.g., Splunk).
• Knowledge of security frameworks (e.g., NIST, MITRE ATT&CK).

Skills

• Proficiency in automation tools (e.g., SOAR platforms, Ansible, Phantom).
• Expertise in scripting languages (e.g., Python, PowerShell, Bash).
• Strong knowledge of SOC processes (incident response, threat detection).
• Experience with SIEM platforms (e.g., Splunk).
• Ability to integrate and automate security tools.
• Strong problem-solving and analytical skills.
• Experience in developing automated workflows and playbooks.
• Knowledge of security frameworks (e.g., MITRE ATT&CK, NIST).
• Strong collaboration and communication skills.
• Experience with log management and event correlation automation.

Experience

• 3-5 years of experience in SOC or cybersecurity roles.
• Hands-on experience with automation tools (e.g., SOAR, Ansible, Phantom, Demisto).
• Experience with scripting languages (e.g., Python, PowerShell, Bash) for automation.
• Experience integrating and automating security tools and processes.
• Strong background in SOC operations, incident response, and threat detection.
• Experience with SIEM platforms (e.g., Splunk, QRadar, ArcSight).
• Experience developing and managing automated response workflows.
• Familiarity with security frameworks like MITRE ATT&CK or NIST.
• Experience working with security log management and event correlation tools.

Additional Information

If the opportunity sounds interesting to you, please apply for the role with your CV and a covering letter answering the question in 250 words or less: Please tell us why you’re interested in the Group Procurement Graduate Programme including:

• The skills and qualities that make you an excellent fit for this programme.
• What do you think you will get out of this programme?

The next step is for us to review your application, following which our recruitment team will contact selected candidates to invite them for a telephone interview. We will invite successful candidates to the final stage, an Assessment Centre that will take place on the 6th of February in our IAG GBS.