Cyber Detection Engineer

SECURITY CLEARANCE: Must have or be able to obtain security clearance eligibility to access UK Ministry of Defence establishments, working within ITAR and Export Control restrictions.

LOCATION: Newport, South Wales, Portsmouth or Stevenage

TYPE: Full time

HOURS: 37

A high number of candidates may make applications for this position, so make sure to send your CV and application through as soon as possible.

WHAT'S IN IT FOR YOU

• Financial Reward: Competitive salary, annual profit share, contributory pension, share options, car leasing scheme, free onsite parking, season ticket loan, tax-free technology scheme, discounted shopping and much more.
• Work / Life Balance: 37 hour week, flexible working around core hours and Friday afternoons off, hybrid working, up to 2 additional days per month as TOIL, option to buy/sell holiday.
• Personal Development: Personalised development plan, Airbus Leadership University and unlimited access to 10,000 E-learning courses, internal mobility including international opportunities.
• Health & Wellbeing: Wellbeing benefits (including 24/7 online GP and mental health support), Employee Assistance Programme, discounted family health/dental insurance/eye tests, cycle-to-work scheme.
• Family and Caregiving: Life assurance, enhanced pay for maternity, paternity, adoption and shared parental leave and caregiving.
• Inclusive Environment: Wellbeing room, Multi-faith room, Employee Representative Groups (Gender, LGBTQ, International, Generational, Disability, Social & Cultural Diversity, Neurodiversity).

Our world is changing. And so are we. From our commitment to zero-carbon flight (ZEROe) to cleaning up space, sustainability is at the heart of our purpose. So what's your next change? Airbus Defense and Space is looking for a passionate and talented Cyber Security Detection & Automation Engineer to join our international Incident Response Team (CSIRT), in Newport, Portsmouth or Stevenage. A mission critical part for us in order to secure our world-class business. This is a technical, hands-on role that will work with a variety of security tools and technologies protecting our whole enterprise. You will be responsible for managing our Cyber Threat Intelligence (CTI) research and Threat Hunting activities, the entire lifecycle of our detection rules repository and SOC automation stack. You will be responsible for the technical evolution of our SOC blueprint and managing enhancement projects to integrate new features and solutions into our Security Operation Centers (SOC). This is a fantastic opportunity to join a team who live and breathe cyber security and to work for a company with great products and technologies around the globe.

HOW YOU WILL CONTRIBUTE TO THE TEAM

• Threat Analysis: Leverage the organization’s CTI provider as a strategic asset, not just a data source - integrating external intel with internal context to assess real impact and relevance. Conduct in-depth analysis of cyber threats (APT groups, malware campaigns, zero-days, etc.) and assess their relevance to Airbus operations, especially the aerospace and defense-related. Translate complex threat data into clear, actionable intelligence for technical and non-technical stakeholders. Produce regular and ad hoc threat intelligence reports, briefings, and dashboards tailored to specific business units or leadership needs.
• Threat Hunting: Proactively hunt for signs of adversary presence within enterprise environments using threat intelligence, telemetry, and hypothesis-driven methods. Design and execute structured threat hunting playbooks based on known TTPs (e.g., MITRE ATT&CK) and emerging threats, enabling consistent, repeatable hunts. Develop code-based playbooks (e.g., Jupyter Notebooks or Python scripts) that integrate threat intelligence, log sources, and detection logic - making them reusable by SOC, IR, and detection engineering teams. Collaborate with detection engineers to convert hunt findings into long-term detections and SIEM use cases, contributing to continuous monitoring improvements. Continuously refine and document hunt processes and hypotheses for knowledge sharing across cyber defense teams.
• Monitoring & Anticipation: Maintain situational awareness of the evolving threat landscape through open-source intelligence (OSINT), commercial feeds, dark web monitoring, and collaboration with national cybersecurity bodies. Detect and flag early indicators of potential cyber campaigns targeting aerospace or defense sectors. Assist in the development and fine-tuning of detection rules and alerts for monitoring security systems (e.g., SIEM, EDR). Contribute in the specification of telemetry log sources and data normalization for its processing in Cyber Detection. Develop tools and techniques to identify patterns and anomalies in network traffic, system logs, and application data that could indicate security incidents (Threat Hunting). Implement adversary emulation tests to assess the quality of the detection rules.
• Stakeholder Engagement: Build relationships with external CTI peers in industry and government to share best practices, TTPs (tactics, techniques, procedures), and threat actor profiles. Ensure timely and accurate dissemination of threat data to internal stakeholders across the organization, including CISO-level reports.
• Rapid Response Enablement: Design and maintain workflows for the rapid delivery of intelligence to incident response and risk teams, enabling faster decision-making and containment. Support post-incident analysis by enriching forensic investigations with relevant threat intelligence context.

ABOUT YOU

• Technical Skills: Understanding of security tools such as EDR, Windows Logging, firewalls, intrusion detection/prevention systems (IDS/IPS). Deep knowledge of Operating System insights (Windows/Linux). Experience with Python is a requirement, PowerShell/Bash are a plus. Understanding of DevOps, git.
• Analytical Skills: Strong knowledge of threat actor tactics, techniques, and procedures (TTPs) and frameworks like MITRE ATT&CK, Kill Chain, and Diamond Model. Proficiency with SIEM tools (e.g., Splunk, ELK), threat intelligence platforms (e.g., MISP, ThreatConnect), and endpoint detection tools (e.g., EDR/XDR). Experience building code-based hunting or automation playbooks (e.g., Python, Jupyter Notebooks, PowerShell). Familiarity with scripting or automation for IOC enrichment, API integrations, and telemetry analysis. Ability to correlate multiple data sources and pivot across logs, alerts, and CTI for deeper investigation. Understanding of threat modeling, detection engineering, or purple teaming is a plus.

Not a 100% match? No worries! Airbus supports your personal growth with custom development solutions.

HOW WE CAN SUPPORT YOU

Many of our staff work flexibly in many different ways, including part-time. Please talk to us at the interview about the flexibility you need and we’ll always do our best to accommodate your request. Please let us know if you need us to make any adjustments for the selection process - you can share this with your Talent Acquisition Partner if you are invited to interview. Examples may include (but not exclusive to) accessible facilities; auxiliary aids; room layout, etc. Any information disclosed will be treated in the strictest confidence. As a Disability Confident Employer, Airbus UK will offer an interview to any applicant that considers themselves to have a disability or long-term condition and meets the minimum criteria of the role (as set out in the job advert). To ‘opt in’, just select the option during your application submission and our Talent Acquisition team will contact you.

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief. Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com. At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.