Cyber Defence Automation Engineer

We are part of International Airlines Group (IAG), one of the world’s leading airline groups and owner of some of the biggest brands in the sky.

With a diverse workforce spread across four countries, IAG Transform provides creative and innovative solutions to drive sustainable transformation by delivering procurement, and airline services, as well as group-wide systems across IAG. Each operating company benefits from the Transform centralised model, driving efficiencies, automation, and economies of scale.

Purpose of the role

The purpose of the role is to design, implement, and manage automation solutions within the Security Operations Centre (SOC) to improve the efficiency and effectiveness of security operations.

This role focuses on automating repetitive tasks, optimizing workflows, and integrating tools and systems to enhance threat detection, incident response, and overall SOC performance. The goal is to streamline security operations, reduce manual effort, and accelerate the identification and mitigation of security threats, enabling the SOC team to focus on more complex and critical tasks.

The SOC Automation Engineer is accountable for the following:

- Automation of SOC Processes

Design and implement automation solutions to streamline repetitive tasks such as alert triaging, incident response, and reporting

- Tool Integration

Integrate various security tools (SIEM, SOAR, firewalls, etc.) to improve data flow and response coordination.

- Optimization of Workflows

Enhance and optimize SOC workflows for improved efficiency and reduced manual effort.

- Development of Playbooks

Create automated response playbooks for common security incidents, enabling faster and more consistent incident handling.

- Collaboration with Security Teams

Work closely with SOC analysts and engineers to identify areas for automation and provide technical solutions.

- Monitoring and Maintenance

Ensure the continuous operation and performance of automation tools, resolving issues as they arise.

- Continuous Improvement

Regularly review and update automation scripts and processes to adapt to evolving threats and technologies.

- Documentation

Maintain detailed documentation of automation workflows, playbooks, and configurations.

Key Relationships/Interfaces

External:

• Third-party partners and key solution suppliers

Internal:

• Other areas of IAG Cybersecurity, particularly the cyber programme
• Group Security Team(s)
• Senior managers/customers from across the Group and relevant business areas
• Senior managers/customers/colleagues from operating companies
•  

Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
• Industry certifications such as:
• Certified Information Systems Security Professional (CISSP)
• Certified Incident Handler (GCIH)
• GIAC Security Automation Expert (GCSA)
• Splunk Certified Automation Consultant, or relevant SOAR certifications.
• Experience with automation tools (e.g., SOAR platforms, Ansible, Phantom or similar).
• Proficiency in scripting languages (e.g., Python, PowerShell, Bash).
• Strong understanding of SOC processes, including incident response and threat detection.
• Experience with SIEM platforms (e.g., Splunk).
• Knowledge of security frameworks (e.g., NIST, MITRE ATT&CK).

Skills

• Proficiency in automation tools (e.g., SOAR platforms, Ansible, Phantom).
• Expertise in scripting languages (e.g., Python, PowerShell, Bash).
• Strong knowledge of SOC processes (incident response, threat detection).
• Experience with SIEM platforms (e.g., Splunk).
• Ability to integrate and automate security tools.
• Strong problem-solving and analytical skills.
• Experience in developing automated workflows and playbooks.
• Knowledge of security frameworks (e.g., MITRE ATT&CK, NIST).
• Strong collaboration and communication skills.
• Experience with log management and event correlation automation.

Experience

• 3-5 years of experience in SOC or cybersecurity roles.
• Hands-on experience with automation tools (e.g., SOAR, Ansible, Phantom, Demisto).
• Experience with scripting languages (e.g., Python, PowerShell, Bash) for automation.
• Experience integrating and automating security tools and processes.
• Strong background in SOC operations, incident response, and threat detection.
• Experience with SIEM platforms (e.g., Splunk, QRadar, ArcSight).
• Experience developing and managing automated response workflows.
• Familiarity with security frameworks like MITRE ATT&CK or NIST.
• Experience working with security log management and event correlation tools.