Cyber Security Specialist
Role details
Job location
Tech stack
Job description
Our Cyber Security team plays a critical role in protecting our customers, people, operations and technology environment, helping us deliver safe, resilient and secure experiences across the airline.
We're looking for a technically capable and proactive Cyber Operations Specialist to join our Information & Cyber Security team. This is an exciting opportunity for someone with experience in cyber operations, security monitoring, incident response or SIEM engineering who wants to help strengthen operational cyber resilience in a complex, fast-moving enterprise environment.
Day to day
As part of our Cyber Operations capability, you'll help protect Virgin Atlantic by strengthening how we monitor, detect and respond to cyber threats across our technology estate.
You'll work closely with internal technology teams, managed security providers and specialist partners to improve detection coverage, telemetry quality, response readiness and operational security tooling. It's a great opportunity for someone who enjoys practical problem-solving, thoughtful collaboration and making security operations better every day.
- Support cyber incident triage, investigation, containment, evidence gathering, escalation and lessons-learned activity.
- Develop and tune detection rules, SIEM use cases and alerting logic, using threat analysis, incident learning and known attacker techniques.
- Support SIEM engineering, log-source onboarding, parser validation and improvements to telemetry quality.
- Maintain and improve security tooling, integrations and automation workflows, including opportunities to streamline operational activity.
- Support red team, purple team and threat-led testing from a logging, detection, response and evidence-capture perspective.
- Work with infrastructure, cloud, endpoint, identity, network, application and platform teams to improve security visibility, response capability and operational resilience.
Requirements
You'll be someone who brings cyber operations experience, technical curiosity and a collaborative mindset, with a real interest in improving monitoring, detection and response outcomes.
- You have experience in cyber security operations, SOC, MDR, security monitoring, incident response or a similar operational security environment.
- You're comfortable working with SIEM platforms, detection engineering, alert tuning, log-source onboarding, telemetry analysis or data-quality improvement.
- You understand threat analysis, defensive monitoring concepts, intrusion methods and common attacker techniques, and can turn insight into practical action.
- You've worked with security tooling, workflow optimisation, integrations, automation or SOAR processes, and enjoy finding better ways of working.
- You can communicate technical security issues clearly to different audiences and influence through evidence, expertise and thoughtful challenge.
- You bring a good understanding of cyber security frameworks such as NIST CSF, ISO/IEC 27001, MITRE ATT&CK or PCI DSS. A relevant certification would be helpful, but equivalent practical experience is just as valued.