Job Description

Full-time
Contract Type: Permanent
Directorate: Group Cyber Security and Technology

Company Description

-----------------------


Our vision of Technology Excellence - to be industry leaders in the use of technology - means there has never been a more exciting time to be part of IAG .


By joining IAG, you will play an important role in providing IT services to our many operating companies, enabling them to work in the most efficient and effective manner. You will be empowered to challenge the norm though the creative use of technology, helping to transform the customer journey.


You will be employed by IAG Global Business Services (GBS), part of International Airlines Group, one of the world's largest airline groups, with 573 aircraft flying to 268 destinations and carrying around 113 million passengers each year.


IAG GBS provides a plug and play platform of scalable, best in class procurement, finance and IT business services to IAG's operating companies, which include Aer Lingus, Avios, British Airways, IAG, IAG Cargo, Iberia, Iberia Express, LEVEL and Vueling.

-------------------


Accountabilities

Build and Operationalize the CTI Function

Design and implement a greenfield CTI capability that supports proactive threat detection, situational awareness, and decision-making across the SOC and wider security organization.

Threat Intelligence Strategy and Framework

Define the strategic approach to intelligence collection, analysis, dissemination, and feedback loops in alignment with business risks and SOC priorities.

MSSP Collaboration and Threat Feed Integration

Work closely with the selected MSSP to ensure timely ingestion, correlation, and operationalization of threat intelligence feeds, TTPs, and IOCs into detection and response workflows.

Define Intelligence Requirements and Outputs

Establish intelligence requirements (PIRs), expected deliverables, and SLAs for threat reporting, threat actor profiling, and campaign tracking across the threat landscape.

Support SOC and CIRT Operations

Provide contextualized intelligence to support incident triage, investigation, and response -- enabling threat hunting, enrichment of alerts, and risk-informed prioritization.

Stakeholder Communication and Education

Deliver concise, actionable intelligence reporting to technical and non-technical stakeholders, including operating companies, risk teams, and executive leadership.

External Partnerships and Information Sharing

Build trusted relationships with external threat intel providers, industry ISACs, and government bodies to enrich internal threat insights and stay ahead of emerging threats.

Future-State Planning and Business Case Development

Define the roadmap for expanding CTI capabilities, including tooling, staffing, and integration needs, and develop a business case to support the formation of a broader internal threat intelligence team.


This role will require travel and working from multiple sites/locations. Willing and able to travel to participate in meetings, workshops, and other related activities.


Key Relationships/Interfaces

External:

Third-party partners and key solution suppliers

Internal:

Other areas of IAG Cybersecurity, particularly the cyber programme Group Security Team(s) Senior managers/customers from across the Group and relevant business areas Senior managers/customers/colleagues from operating companies IAG Tech colleagues

Qualifications

------------------

Education:

Bachelor's degree or higher in Computer Science, Information Security, Cybersecurity, Intelligence Studies, or a related field.

Certifications:

Relevant certifications in cybersecurity and threat intelligence are highly desirable. Examples include:

Certified Information Systems Security Professional (CISSP)

Certified Threat Intelligence Analyst (CTIA)

GIAC Cyber Threat Intelligence (GCTI)

Certified Cyber Threat Hunting Professional (CCTHP)

CompTIA Cybersecurity Analyst (CySA+)

EC-Council Certified Threat Intelligence Analyst (C|TIA)

Certified Incident Handler (GCIH)

Skills

Strong understanding of cybersecurity principles, technologies, and attack vectors.

Familiarity with common threat actor tactics, techniques, and procedures (TTPs).

Proficiency in analyzing malware, phishing campaigns, and other malicious activities to extract actionable intelligence.

Knowledge of network security protocols, endpoint security technologies, and security information and event management (SIEM) systems.

Comprehensive understanding of the cyber threat landscape, particularly as it relates to the aviation sector. Demonstrated capability to convert threat knowledge into active threat hunting. Skilful in analysing and researching new, emerging, or trending attacks, actors, malware samples, and TTP's. Must have excellent English reading, writing, and speaking skills with the ability to convey security insights: both in crafting and deciphering security metrics, and in presenting them clearly across all hierarchical levels, up to senior leadership.

Experience

Several years of experience in cybersecurity, with a focus on threat intelligence analysis. Experience working in a threat intelligence team or security operations center (SOC) environment. Proficiency in collecting, analyzing, and disseminating threat intelligence to identify emerging threats and vulnerabilities. Hands-on experience with threat intelligence platforms, open-source intelligence (OSINT) tools, and dark web monitoring.

Job Location

----------------