Cybersecurity Insider Threat Analyst

Getafe

Applications have closed

Airbus

Airbus pioneers sustainable aerospace for a safe and united world. Airbus designs, manufactures and delivers industry-leading commercial aircraft, helicopters, military transports, satellites, launchers and more.


Job Description:

Summary

A vacancy for a Cyber Insider Threat Analyst in the Airbus Detection and Response Department has arisen within Airbus Commercial Aircraft. You will join the Cyber Security Department.

You will be part of an innovation project that has proven its value to the company and is now in production, within a mature team of more than 15 people with different roles and skills and solid expertise in the field.

From a Cybersecurity perspective, the project is dedicated to investigating different indicators in order to build an Insider Threat detection product using Machine Learning algorithms, with the model computed on a Cloud platform.

Along with the development of an Insider Threat detection product, detection of this type of threat is also performed. 

Job Description

Analyze the results of the Artificial Intelligence algorithms to identify Insiders in the organization, perform searches in the security systems and document the investigated cases.

Design and, with Cybersecurity expertise, assist in the development of new and innovative detection capabilities through Artificial Intelligence to detect Insiders (malicious or negligent profiles) within the company.

Assess how the detection models behave, evaluate whether the results are as desired for detecting Insiders in pre-production, and identify different methods to better evaluate the model. Assess their quality and behavior once put into production in order to detect possible points of improvement. Collect this feedback and be able to deliver it to the development team.

Coordinate the RUN detection team of Insider Protection, attending to the questions that operations have, monitoring its detection quality and creating KPIs for management. Create procedures, define escalation scenarios, and produce dashboards and reports for investigations.

Analyze data for its value, verbosity and utility in order to identify Insiders to enhance the product's detection capabilities.

Support the definition of the product strategy and the technical roadmaps of future developments, and the identification of new stakeholders.

Perform Threat Intelligence on Insider cases to identify actionable intel to improve the detection capabilities, or to identify new and innovative ways of detecting this type of threat.

Analyze the results of the Artificial Intelligence algorithms to identify trends and risky general activities.

Your role

Your role as a Cybersecurity Insider Threat Analyst will consist of the following:

  • Threat Hunting of Insiders with the help of Artificial Intelligence outcomes. 

  • Documentation of the cases and investigations made on Insiders

  • Communicate results of cases and investigations to different profiles: technical, managers, non-security technical personnel

  • Identification of Tactics and Techniques (MITRE TTPs) used by Insiders

  • Definition of detection rules used to identify Insider Risk

  • Assist the Data Scientists in the development of new Machine Learning algorithms

  • Evaluate how the models perform in the detection capabilities in pre-production, and assess the models that are already in production

  • Collect this feedback and deliver it to the Data Scientist to draw up an action plan for improvements

  • Coordination of the RUN team operators

  • Creation of KPIs that are valuable for the management to evaluate the RUN team capabilities

  • Creation of Dashboards and Reports for the operators to investigate, and for the management to monitor the quality

  • Identification and analysis of new data that can add detection quality to the product 

  • Creation and support of an actionable strategy for the product

  • Development of a Technical Roadmap

  • Threat Intelligence to build actionable indicators to identify Insiders

  • Identify threats to deliver a newsletter to other security departments 

Tasks & accountabilities

As the successful candidate, your main tasks & accountabilities are:

  • Develop AI detection rules that will allow us to reveal insider threat anomalies

  • Participate in the investigation of the detected suspicious behaviors related to insider threat.

  • Ensure the end-to-end delivery of the analysis project, from the anomaly case study to the restitution of the final analysis results in the dashboard and visualization tools.

  • Contribute to the evolution and improvement of the Insider Protection product framework. This role will involve regular travel to Toulouse and as such you must be able to travel accordingly.

Required skills

We are looking for candidates with the following skills and experience:

  • Master’s Degree specialized in Cybersecurity or Information Technology, or Superior Degree in System, Network or Security.

  • At least 4 years of experience in Cybersecurity, specifically in Detection & Response.

  • Experience working with MITRE Matrix TTPs.

  • Knowledge of and experience in Splunk, mainly as a Power User. Certification is a plus but not mandatory.

  • Capacity to translate business demand into a suitable application in accordance with the requirements

  • Good knowledge in data collection methodologies and cybersecurity log management is a plus

  • Knowledge and/or experience of machine learning is a plus

  • Capacity to innovate: out-of-the-box thinking

  • Willingness to travel to France, 2-4 times per year

At Airbus we are focused on our employees and their welfare. Take a look at some of our benefits:

  • Flexible work shift.

  • Option of continuous schedule from May to September.

  • Vacation days plus additional days off throughout the year (+35 working days off in total).

  • Attractive & competitive salary and additional bonus.

  • Hybrid model of working when possible, promoting the work-life balance.

  • Collective transport service in some sites.

  • Benefits such as health insurance, employee stock options, retirement plan, or study grants.

  • On-site facilities (among others): free canteen, kindergarten, medical office.

  • Possibility to collaborate in different social and corporate social responsibility initiatives.

  • Excellent upskilling opportunities and great development prospects in a multicultural environment.

  • Special rates in products & benefits.

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Company:

Airbus Operations SL

Employment Type:

Permanent


Experience Level:

Professional

Job Family:

Cyber Security

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.

At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.


Tags: Artificial Intelligence Cloud Compliance KPIs Machine Learning Monitoring Splunk Strategy Threat detection Threat intelligence TTPs

Perks/benefits: Career development Competitive pay Equity Flex hours Flex vacation Health care Insurance Salary bonus Team events

Region: Europe
Country: Spain