Information Security SOC Analyst

at Ryanair

Wrocław, dolnośląskie, Poland

Start Date: Immediate
Expiry Date: 07 Aug, 2024
Salary: Not Specified
Posted On: 09 May, 2024
Experience: N/A
Skills: Packet Capture, SIEM, Security Tools, Linux, IPS, Vulnerability, IDS, Network Troubleshooting, Training, Windows, Threat Analysis, Operating Systems
Telecommute: No
Sponsor Visa: No

Description:

Ryanair Labs is the technology brand of Ryanair. Labs is a state-of-the-art digital & IT innovation hub creating Europe’s Leading Travel Experience for our customers. The Ryanair platform has over 1 billion visits per year. By joining Ryanair, you will develop cutting-edge tech solutions inside Ryanair, transforming aviation for Pilots, Cabin Crew & Ground Ops, as well as driving the tech experience for our customers on Europe’s largest travel website!
Ryanair Labs has more than 550 employees across our offices in Dublin, Madrid, Poland, and Portugal. Our plan is to continue to grow our IT Labs Team so we are always on the lookout for the best talent. Apply today for more information.

REQUIREMENTS

  • Understanding of performing analysis and interpretation of information from SOC systems: incident identification / analysis, escalation procedures and reduction of false-positives.
  • Related experience and training in the field of IT security monitoring and analysis, cyber threat analysis, and vulnerability analysis.
  • Knowledge of multiple operating systems and applicable system administration skills (Windows, Linux, Mac, VM platforms).
  • Experience using Security tools, such as Vulnerability scanners, IDS/IPS, SIEM, etc.
  • Detailed understanding of TCP/IP and a good background in network troubleshooting and technologies; Firewall configuration, monitoring, network packet capture (tcpdump / Wireshark), etc.
  • An understanding of threat analysis, threat hunting, and intelligence feeds.
  • Excellent knowledge of commonly used Internet protocols such as SMTP, HTTP, and DNS.
  • Knowledge of adversarial simulation frameworks.

Responsibilities:

THE ROLE

The SOC Analyst role is part of the Information Security Department of Ryanair. You will be joining a challenging, exciting and growing part of the business, working in a dynamic environment. The team is responsible for cybersecurity of internal environments.
The role would suit an experienced analyst having previously worked in a SOC environment.

RESPONSIBILITIES:

  • Analyze, triage and respond to security events, alarms and escalations as required, acting as the line security event analyst monitoring the Security Information and Event Management (SIEM) system.
  • Monitor the alarm dashboard, providing an initial analysis of event data and network traffic, making security event determinations on alarm severity, escalation and response routing.
  • Recommend changes to enhance systems security and prevent unauthorized access to IT Lab and Client systems.
  • Conduct research and assessments of security events, providing analysis of firewall, IDS, anti-virus and other network sensor produced events, to feed into SOC reporting activities and improvements.
  • Monitor threat and vulnerability news services for any relevant information that may impact installed infrastructure.
  • Analyse reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise.
  • Write, modify, and fine-tune SIEM rulesets for improved alerting and reduction of false positives.
  • Analyze log data from various sources.
  • Participate in compliance/vulnerability assessment scanning and develop mitigation and remediation plans from the assessment findings.
  • Document information security operations policies, processes, and procedures. Create and update security event investigation notes on open incidents, and maintain case data in the incident response management platform.
  • Provide input, as requested, for Security, Risk, Compliance and Service reporting.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Other Industry

IT Software - Network Administration / Security

Other

Graduate

Proficient

1
