Cyber Security Automation Engineer

IAG Transform is a part of International Airlines Group (IAG).

IAG is one of the world’s largest airline groups with 600+ aircraft carrying more than 122 million customers to 260 destinations across 91 countries each year.

IAG brings together leading airline brands Aer Lingus, British Airways, Iberia, Level, Vueling. These are supported by IAG Loyalty that spans all its airlines and beyond, offering the global currency Avios and including BA Holidays, and IAG Cargo which delivers vital goods and produce around the world. These businesses are complementary to its core airline businesses.

As the first airline group globally to commit to net zero by 2050, sustainability is a core part of IAG’s strategy.

IAG Transform plays a critical role in driving transformation across IAG and the aviation industry, through expertise and capabilities in procurement, technology, AI, innovation, and transformation.

We are based in London, UK, with a presence in Dublin, Madrid, Barcelona and Kraków.

With us, your work will create real impact, from everyday improvements to breakthrough change that reshapes the way the world flies.

Job Description

Purpose of the role

The purpose of the role is to design, implement, and manage automation solutions within the Security Operations Centre (SOC) to improve the efficiency and effectiveness of security operations.

This role focuses on automating repetitive tasks, optimizing workflows, and integrating tools and systems to enhance threat detection, incident response, and overall SOC performance. The goal is to streamline security operations, reduce manual effort, and accelerate the identification and mitigation of security threats, enabling the SOC team to focus on more complex and critical tasks.

The SOC Automation Engineer is accountable for the following:

- Automation of SOC Processes

Design and implement automation solutions to streamline repetitive tasks such as alert triaging, incident response, and reporting

- Tool Integration

Integrate various security tools (SIEM, SOAR, firewalls, etc.) to improve data flow and response coordination.

- Optimization of Workflows

Enhance and optimize SOC workflows for improved efficiency and reduced manual effort.

- Development of Playbooks

Create automated response playbooks for common security incidents, enabling faster and more consistent incident handling.

- Collaboration with Security Teams

Work closely with SOC analysts and engineers to identify areas for automation and provide technical solutions.

- Monitoring and Maintenance

Ensure the continuous operation and performance of automation tools, resolving issues as they arise.

- Continuous Improvement

Regularly review and update automation scripts and processes to adapt to evolving threats and technologies.

- Documentation

Maintain detailed documentation of automation workflows, playbooks, and configurations.

Key Relationships/Interfaces

External:

• Third-party partners and key solution suppliers

Internal:

• Other areas of IAG Cybersecurity, particularly the cyber programme
• Group Security Team(s)
• Senior managers/customers from across the Group and relevant business areas
• Senior managers/customers/colleagues from operating companies

Qualifications

Qualifications

• Bachelor’s degree in, Cybersecurity, Computer Science, Information Technology, or Artificial Intelligence.
• Industry certifications such as:
• Certified Information Systems Security Professional (CISSP)
• Certified Incident Handler (GCIH)
• GIAC Security Automation Expert (GCSA)
• Splunk Certified Automation Consultant, or relevant SOAR certifications.
• Experience with automation tools (e.g., SOAR platforms, Ansible, Phantom or similar).
• Proficiency in scripting languages (e.g., Python, PowerShell, Bash).
• Strong understanding of SOC processes, including incident response and threat detection.
• Experience with SIEM platforms (e.g., Splunk).
• Knowledge of security frameworks (e.g., NIST, MITRE ATT&CK).

Skills

• Proficiency in automation tools (e.g., SOAR platforms, Ansible, Phantom).
• Expertise in scripting languages (e.g., Python, PowerShell, Bash).
• Strong knowledge of SOC processes (incident response, threat detection).
• Experience with SIEM platforms (e.g., Splunk).
• Ability to integrate and automate security tools with AI / ML capabilities.
• Strong problem-solving and analytical skills.
• Experience in developing automated workflows and playbooks.
• Knowledge of security frameworks (e.g., MITRE ATT&CK, NIST).
• Strong collaboration and communication skills.
• Experience with log management and event correlation automation.

Experience

• 3-5 years of experience in SOC or cybersecurity roles.
• Hands-on experience with automation tools (e.g., SOAR, Ansible, Phantom, Demisto).
• Experience with scripting languages (e.g., Python, PowerShell, Bash) for automation.
• Experience integrating and automating security tools and processes.
• Strong background in SOC operations, incident response, and threat detection.
• Experience with SIEM platforms (e.g., Splunk, QRadar, ArcSight).
• Experience developing and managing automated response workflows.
• Familiarity with security frameworks like MITRE ATT&CK or NIST.
• Experience working with security log management and event correlation tools.