Ryanair Holdings plc, Europe's largest airline group, is the parent company of Buzz, Lauda, Malta Air & Ryanair DAC. Carrying over 154m guests p.a. on more than 2,400 daily flights from 82 bases, the group connects over 200 destinations in 40 countries on a fleet of over 475 aircraft, with a further 210 Boeing 737s on order, which will enable the Ryanair Group to lower fares and grow traffic to 200m p.a. by FY24. Ryanair has a team of over 19,000 highly skilled aviation professionals delivering Europe's No.1 on-time performance and an industry-leading 34-year safety record.
Ryanair is Europe's greenest, cleanest airline group, and customers switching to fly Ryanair can reduce their CO₂ emissions by up to 50% compared to the other Big 4 EU major airlines.
Ryanair Labs is the technology brand of Ryanair, a tech start-up within a legacy airline. Our digital hubs are located in Dublin, Madrid and Wroclaw, plus our newest location, Portugal.
With big plans to digitally revolutionise the travel industry, Ryanair Labs has embarked on its mission to become the Amazon of Travel with an all-encompassing Trips platform.
We believe in a hybrid working model: you can work up to three days per week remotely, but you will also enjoy the excellent work environment at our modern offices in the heart of Madrid.
Responsibilities
Act as a subject matter expert on log collection and analysis in hybrid environments (cloud and on-premise).
Improve detection mechanisms by implementing threat hunting techniques based on threat intelligence reports and knowledge of attacker TTPs.
Assist with investigations of potential incidents.
Leverage threat intelligence, keeping an up-to-date overview of the current threat landscape.
Write clear and concise documentation at both technical and executive level that can be used to improve the overall security posture.
Assist with security recommendations for improving different architectures.
This role is well suited to a seasoned blue team member with hands-on experience in log collection and incident response who is willing to take the next step: becoming the central point of contact for improving the company's security tooling and helping with the ad hoc investigations that may arise.
Requirements
SOC Level 3 or Threat Hunter work experience preferred.
Experience with different SIEM and endpoint security tools (e.g. Splunk, ELK, Graylog, Symantec, FireEye, AlienVault).
Experience with both on-premise and cloud infrastructures (AWS, Azure).
Programming skills to develop scripts, API connectors and automations to support existing deployments.
Strong analytical skills.
Able to identify which logs need to be examined for each kind of investigation.
Benefits
Flight Benefits
Hybrid working model (up to three days per week remote, with the remaining days at our modern offices in the heart of Madrid).