Cyber Detection Engineer (d/f/m)

Job Description:

Airbus Defense and Space is looking for a passionate and talented Cyber Detection & Response engineer to join our international Incident Response Team (CSIRT), in ELANCOURT/TOULOUSE.

A mission critical part for us in order to secure our world-class business. This is a technical, hands-on role that will work with a variety of security tools and technologies protecting our whole enterprise.

The successful candidate will be responsible for managing the entire lifecycle of our detection rules repository and SOC automation stack. You will be responsible for technical evolution of our SOC blueprint and managing enhancement projects to integrate new features and solutions into our Security Operation Centers (SOC).

This is a fantastic opportunity to join a team who live and breath for cyber security and to work for a company with great products and technologies around the globe.

Disabled applicants with equal qualifications will be given special consideration

Priority will be given to employees whose position is impacted by a workforce adaptation initiative.

Key Responsibilities:

• Security Monitoring:

  • Assist in the development and fine-tuning of detection rules and alerts for monitoring security systems (e.g., SIEM, EDR).

  • Contribute in the specification of telemetry log sources and data normalization for its processing in Cyber Detection.

  • Develop tools and techniques to identify patterns and anomalies in network traffic, system logs, and application data that could indicate security incidents (Threat Hunting).

  • Implement adversary emulation tests to assess the quality of the detection rules

• Incident Response:

  • Participate in supporting the Incident Resposne Team in investigation and analysis of potential security incidents and vulnerabilities.

  • Collaborate with senior engineers to develop and implement remediation strategies based on the investigation findings.

  • Document and report incidents, detailing the nature of the event, steps taken for remediation, and future prevention strategies.

• Threat Intelligence:

  • Collaboration in the improvement of our CTI Processes and tools.

  • Digestion and process of CTI feeds.

  • Support threat intelligence operationalization  efforts.

• Collaboration and Documentation:

  • Work closely with other security teams (e.g., red team, application security) to improve threat detection and response strategies.

  • Supporting the definition and execution of Purple Teaming activities, to improve the Cyber Detection and Response capabilities.  

  • Help document processes, playbooks, and technical documentation related to threat detection, response,.

  • Contribute to internal training sessions on threat detection methodologies and best practices.

• Tooling Development and Integration:

  • Participate actively in the development and implementation of tools and artifacts to support the Security Operations activities, within the scope of the Detection Engineering Team.

  • Integrate different components to provide optimizations in the day to day of the Operational Teams, and enhance the company’s Cyber Resilience.

• Continuous Learning and Development:

  • Stay informed on the latest security trends, threats, and vulnerabilities, continually building knowledge in the cyber threat landscape.

  • Participate in workshops, training, and certifications to enhance skills in cyber detection and response.

Required Skills:

• Technical Skills:

  • Understanding of security tools such as EDR, Windows Logging,  firewalls, intrusion detection/prevention systems (IDS/IPS)..

  • Deep knowledge of Operating System insights (Windows/Linux)

  • Knowledge of security frameworks (e.g., MITRE ATT&CK) and common attack vectors.

  • Experience with Python is a requirement, PowerShell/Bash are a plus.

  • Understanding of DevOps, git..

• Analytical Skills: Ability to investigate and analyze security events, developing detailed reports on findings and proposed solutions.

• Collaboration Skills: Strong communication skills to work with cross-functional teams and share insights.

• Work Environment:

  •  This role may involve collaboration with different cybersecurity teams across Europe to improve the organization’s overall security posture, with a focus on incident detection and response strategies.

  • Fluent written and spoken English are a must.

This position will require a security clearance or will require being eligible for clearance by the recognized authorities.

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Company:

Employment Type:

-------

Experience Level:

Job Family:

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.

At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.