SOC Developer

Bengaluru (Airbus)

Airbus

Airbus pioneers sustainable aerospace for a safe and united world. Airbus designs, manufactures and delivers industry-leading commercial aircraft, helicopters, military transports, satellites, launchers and more.


Job Description:

Description:

The SOC Developer will be part of the Information Management (IM) function, which is an integral part of the Airbus IT department and is building and operating new business platforms and services, adopting new technologies, automation, digital native skills and agile ways of working to accelerate our digitalization journey. IM is about making the benefits of digital technologies available to Airbus so we can bring value to market much faster, while retaining quality and scale.

As a SOC Developer, your role is to research and suggest SOC detection scenarios in our environment. You will also be responsible for developing a roadmap and strategies for threat detection, investigation and response, producing management information (including reports and KPIs), and creating and enhancing internal processes and procedures. Your role is key, as you contribute to the overall performance and success of the Security Operations Centre.

Challenges are numerous and exciting!

 

About Cyber Security in Airbus:

Security is not an option, be part of it!

Today, governments, companies and private individuals are increasingly the target of attacks like theft of intellectual property, sensitive information and even money.

Airbus is increasingly at risk due to its leading position in the aerospace and defence market. Additional risks come from our Extended Enterprise. In recent months the malware attacks we’ve seen have been more sophisticated.

What is the Airbus Security Defence Centre team doing?

Security threats have increased drastically in the last few years and organizations are facing an increasingly complex threat landscape. Airbus digitalization is bringing many opportunities, but they come with new risks. Therefore, Airbus has developed state-of-the-art cyber-threat detection capabilities, relying on more than 10 years of experience, in order to protect its business assets.

The SOC Mission:

  • Monitoring, detection, and analysis of potential intrusions in real time and through historical trending on security-relevant data sources
  • Response to confirmed incidents, by directing use of timely and appropriate countermeasures
  • Providing situational awareness and reporting on cybersecurity status, incidents

Qualification & Experience:

  • We seek out curious minds! We value attention to detail! And we care deeply about outcomes! 
  • We’re looking for passionate people who are eager to learn, willing to share, and keen to establish innovative ways of working and influence culture change.
  • Bachelor's degree in Computer Science, Engineering, or related field
  • Master's in Information Security would be preferred
  • Information Security and/or Information Technology industry certification (CISSP, CISM, OSCP, SANS GIAC or equivalent) will be preferred
  • Past experience of working as a L2/L3 SOC analyst or a forensic analyst or a CERT team member is required
  • Experience with or knowledge of threat scenarios in multiple domains such as Windows, Network, Unix/Linux, Cloud (AWS / GCP) and Encryption is required
  • Good working knowledge of general audit principles, security administration processes and frameworks, metrics collection and reporting
  • Must have knowledge of network and web technology, encryption, virtual private networks, internet and extranet security, cloud computing (firewalls, remote access) and security management
  • Knowledge of and experience in Splunk Enterprise Security (any certification appreciated), including log management, Splunk application and search development (SPL), and SOAR technology (Splunk Phantom)
  • Knowledge of SOC reference frameworks such as Sigma, STIX/TAXII, MITRE ATT&CK
  • Good knowledge of syslog servers, Splunk SDK, Splunk ITSI, Splunk Builder, ServiceNow API, MINT
  • Proven ability to prioritize workload, meet deadlines, and utilize time effectively
  • Good interpersonal and communication skills, works effectively as a team player
  • Experience in Agile, SAFe & Scrum methodology preferred
  • French language knowledge will be an added advantage


 

Responsibilities

  • Research and understand the latest threats targeting various operating systems, platforms and applications to improve the overall security detection posture of Airbus
  • Build security detections for TTPs identified by the detection engineering and UCF teams, using a Git CI/CD framework
  • Perform adversary emulation to mimic known threat actors / APT groups on a dedicated testing infrastructure to proactively evaluate the efficacy of, and gaps in, our security controls
  • Develop detection-specific test cases and regression tests to validate the functionality of the implemented use cases
  • Collaborate with SOC Product Owner to develop detection, investigation and remediation strategies and roadmap
  • Plan and conduct workshops between UCF and business stakeholders, and collaborate within the Use Case Factory (UCF) to improve the overall detection scope
  • Develop and produce detailed documentation for each SOC use case, including the full end-to-end delivery lifecycle of the use case and the roles and responsibilities within the SOC team to deliver and fulfil the use case requirement
  • Provide technical support in the areas of vulnerability, risk assessment, and security implementation
  • Ensure the SIEM platform tool is configured with the detailed use case requirements and configuration details needed to implement the use cases, and that there are supporting SOC processes
  • Engage with the Head of SOC, SOC Product Owner and Scrum Master to prioritize the use case implementation schedule on an Agile & SAFe model
  • Participate in Security threat and monitoring forums to learn and keep abreast of the latest changes and good practices.

Benefits

  • You will be part of a truly international team
  • Travel opportunities (domestic and international)
  • Competitive remuneration, bonus and incentives
  • Good work / life balance and career growth opportunities
  • Training and development opportunities (online, classroom, conferences)
  • Comprehensive benefits package (complementary health and life insurance)

Success Metrics

Success will be measured in a variety of areas, including but not limited to

  • Consistently ensure the on-time delivery and quality (first-time-right) of the projects
  • Bring innovative, cost-effective solutions
  • Achieve customer satisfaction.

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Company:

Airbus India Private Limited

Employment Type:

Permanent

Experience Level:

Entry Level

Job Family:

Cyber Security

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.

At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.


Tags: Agile APIs APT Automation AWS CERT CI/CD CISM CISSP Cloud Compliance Computer Science Encryption Firewalls GCP GIAC KPIs Linux Malware MITRE ATT&CK Monitoring OSCP Risk assessment SANS Scrum SIEM SOAR SOC Splunk Threat detection TTPs UNIX Windows

Perks/benefits: Career development Conferences Flex hours Health care Insurance

Region: Asia/Pacific
Country: India
