General

Information Security Engineer - Threat Hunter

Ryanair Holdings plc, Europe’s largest airline group, is the parent company of Buzz, Lauda, Malta Air & Ryanair DAC. Carrying over 154m guests p.a. on more than 2,400 daily flights from 82 bases, the group connects over 200 destinations in 40 countries on a fleet of over 475 aircraft, with a further 210 Boeing 737s on order, which will enable the Ryanair Group to lower fares and grow traffic to 200m p.a. by FY24. Ryanair has a team of over 19,000 highly skilled aviation professionals delivering Europe’s No.1 on-time performance and an industry-leading 34-year safety record. Ryanair is Europe’s greenest, cleanest airline group, and customers switching to fly Ryanair can reduce their CO₂ emissions by up to 50% compared to the other Big 4 EU major airlines.

Ryanair Labs is the technology brand of Ryanair, a tech start-up within a legacy airline. Our digital hubs are located in Dublin, Madrid and Wroclaw, and our newest location in Portugal. With big plans to digitally revolutionise the travel industry, Ryanair Labs has embarked on its mission to become the Amazon of Travel with an all-encompassing Trips platform.

Ryanair Labs is dedicated to hiring top IT talent, where software developers can have the freedom to work on game changing projects that will have an impact on our business from day one.

The Role

We are looking for a Threat Hunter who will drive the threat hunting process within our security service delivery. As a threat hunter you will carry out technical research into potential security compromises, analyse known and unknown threats, and identify and review potential security incidents. Strong technical skills and a good understanding of cybersecurity topics and solutions are required.

Responsibilities

  • Identify threats to Ryanair through the threat hunting process, actively hunting for Indicators of Compromise (IOCs) and APT Tactics, Techniques and Procedures (TTPs) on the network and on hosts as necessary.
  • Operate and improve detection mechanisms by implementing techniques to hunt for threats in our environment, based on threat intelligence reports and knowledge of attacker TTPs.
  • Assist with initial investigations of potential incidents.
  • Leverage threat intelligence to keep an up-to-date overview of the current threat landscape.
  • Write clear and concise incident reports and incident handling documentation that can be used to improve the overall security posture.

Requirements

  • Bachelor’s degree in IT or comparable work experience.
  • Four years of threat hunting experience preferred.
  • Experience with both on-premise and cloud infrastructures (AWS, Azure).
  • Strong analytical skills: able to think flexibly and find alternative approaches to problems that arise during an incident.
  • Experience analysing large datasets and working with security monitoring and endpoint security tools (e.g. ELK, Graylog, Splunk, Symantec, FireEye, AlienVault).
  • Able to identify which logs need to be examined for each kind of investigation.
  • Ability to analyse malware, extract IOCs and create signatures for IDS.
  • Ability to write ad-hoc scripts to support threat hunting activity (e.g. Python, Go, PowerShell), and a good understanding of the regular expressions used to parse data.
  • Forensic certifications are a plus.
  • Experience with red team activities is a plus.
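The kind of ad-hoc script the responsibilities and requirements above describe, as an added illustration that is not Ryanair's own code: it parses key=value log lines with regular expressions, sweeps them for IOCs taken from a threat-intelligence feed (IPs, domains, file hashes) and flags one TTP-style behaviour (an encoded PowerShell command line). The log lines, the IOC set and the `proxy`/`edr` record layout are all constructed for this example; a real hunt would read the equivalent fields from the SIEM or EDR export.

```python
"""Ad-hoc IOC/TTP hunt over key=value log lines (illustrative example, not production code)."""
import re

# Constructed IOC set in the shape a threat-intel report would supply (values are documentation ranges / test hashes).
IOCS = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"update-cdn.example.net"},
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Constructed sample export: proxy records (src/dst/host) and EDR process records (host/proc/sha256/cmd).
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z proxy src=10.1.2.3 dst=203.0.113.45 host=update-cdn.example.net bytes=51234
2024-03-01T10:00:02Z proxy src=10.1.2.4 dst=93.184.216.34 host=www.example.com bytes=1024
2024-03-01T10:00:03Z edr host=WS-0042 proc=powershell.exe sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 cmd="-enc SQBFAFgA"
2024-03-01T10:00:04Z edr host=WS-0042 proc=notepad.exe sha256=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa cmd=""
2024-03-01T10:00:05Z proxy src=10.1.2.5 dst=198.51.100.7 host=198.51.100.7 bytes=99
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<source>\w+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value, value may be quoted and contain spaces
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")
# Heuristic for encoded PowerShell: powershell.exe with -e / -ec / -enc / -encodedcommand (assumption, not an exhaustive rule).
ENC_PS_RE = re.compile(r'proc=powershell\.exe.*[\s"]-e(?:c|nc|ncodedcommand)?\b', re.IGNORECASE)


def parse_line(line):
    """Split a record into (timestamp, source, {field: value}); unknown layouts yield (None, None, {})."""
    m = LINE_RE.match(line)
    if not m:
        return None, None, {}
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return m.group("ts"), m.group("source"), fields


def hunt(log_text, iocs):
    """Return one hit per (record, indicator): IOC matches on IPs, hashes and hostnames, plus the TTP heuristic."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, source, fields = parse_line(line)
        found = set()                                   # de-duplicates e.g. dst= and host= carrying the same IP
        for ip in IPV4_RE.findall(line):
            if ip in iocs["ip"]:
                found.add(("ip", ip))
        for digest in SHA256_RE.findall(line.lower()):
            if digest in iocs["sha256"]:
                found.add(("sha256", digest))
        host = fields.get("host")
        if host in iocs["domain"]:
            found.add(("domain", host))
        if ENC_PS_RE.search(line):
            found.add(("ttp", "encoded_powershell"))
        for kind, value in sorted(found):
            hits.append({"ts": ts, "source": source, "kind": kind, "value": value, "fields": fields})
    return hits


def affected_assets(hits):
    """Pivot hits to the internal asset to triage: proxy records identify the client by src=, EDR records by host=."""
    assets = set()
    for h in hits:
        asset = h["fields"].get("src") if h["source"] == "proxy" else h["fields"].get("host")
        if asset:
            assets.add(asset)
    return assets


if __name__ == "__main__":
    results = hunt(SAMPLE_LOGS, IOCS)
    for h in results:
        print(f'{h["ts"]} {h["source"]:5} {h["kind"]:7} {h["value"]}')
    print("assets to triage:", sorted(affected_assets(results)))
```

On the sample data this yields five hits (two IP matches, one domain, one hash and one encoded-PowerShell TTP) and three assets to triage; the useful output of a hunt is that pivot list, which feeds the initial investigation and the incident report.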