General information
Vacancy Reference number
005409
Vacancy details
Role title
Cyber Incident Response Analyst
Your role
The Cyber Incident Response Analyst is a key practitioner within the Cyber Defence function, responsible for hands-on incident management activities and collaborating day to day with the SOC. Operating within a hybrid delivery model, they will support incident management services that include 24x7 monitoring, rapid incident response, and drive proactive improvements of detection and response processes through automation, integration and strong operational governance.
This role will work cross‑functionally with teams across Cyber Defence, Cyber Engineering and IT, supporting ongoing maturity of cyber monitoring coverage and incident management playbooks for timely detection and response processes, in addition to improving our security posture by simulating threat actor techniques that test our organisation’s technical controls and processes, to support continuous improvements to the overall cyber security posture.
- Perform incident triage and investigations alongside the SOC, to ensure comprehensive and accurate analysis and forensics across EI systems and assets, as required.
- Act as the point of escalation for the Aer Lingus SOC, co-ordinating with the outsourced vendor and internal Cyber and IT teams on response activities and remediations.
- Interact with the SOC on day-to-day operations, ensuring delivery of high quality and effective monitoring, management and response processes, and continuous development of incident response playbooks.
- Partner with other Cyber Defence and Engineering roles to identify opportunities for process and systems integrations, to improve service quality and responsiveness.
- Ensure Cyber Defence evidence, reporting and assurance are fit for purpose (incident records integrity, audit trails, lessons learned and continuous improvement actions).
- Identify and validate internal and external security weaknesses using both manual techniques and appropriate tooling.
- Ensure findings are appropriately documented, with clear risk descriptions, reproduction steps, business and technical impact and pragmatic remediation guidance.
- Take part in the on-call rota for escalations in the event of a major cyber event.
- Partner with the outsourced SOC and Threat Management services, with daily, weekly and monthly operational cadences, to ensure full visibility of the current incident landscape and tracking of service KPIs and SLAs.
- Support improvements to monitor, detect and respond to threats in real time, leveraging SIEM, EDR, SOAR and automation to deliver at scale.
- Assist in the development and maintenance of cyber testing playbooks, checklists, and standard operating procedures.
- Support planning and delivery of tabletop exercises and simulation tests to enhance readiness with technology and operational teams.
- Stay current with emerging threats, vulnerabilities, and offensive techniques relevant to the organisation’s tech stack.
Your qualifications and key criteria
- 8+ years cybersecurity and/or IT experience, with at least 4 years in SOC, Incident Response or Offensive Security roles.
- Proven experience in direct involvement in cyber incidents, fulfilling investigation, digital forensics, event triaging and response responsibilities.
- Practical experience with common offensive security tools and techniques (e.g. Burp Suite, Nmap, Metasploit, custom scripts).
- Relevant Cyber qualifications, e.g. GIAC, CISSP, OSCP, CEH, or similar.
- Familiarity with the MITRE ATT&CK framework and modern attacker techniques.
- Experience developing dashboards for reporting on service metrics and trends.
- Experience working with outsourced SOC security services.
- Scripting and development skills for integrating cyber tools and automating playbook responses.
- Comfortable being the primary internal response lead on low-medium severity incidents.
- Proven proactive and independent thinker, willing to speak up and bring new ideas.
- Hands‑on proficiency with Cyber Defence technologies (e.g., SIEM, Threat Intelligence, SOAR, EDR platforms such as CrowdStrike, ZeroFox, Splunk or equivalent).
- Working knowledge of at least one scripting or programming language (e.g. Python, Bash, PowerShell).
- Demonstrated ability in improving operational processes and playbooks.
- Ability to translate threat intelligence, control testing and incident learnings into requirements to improve incident management services.
Division / Department
Digital & Information - IT Other
Contract type
employee recruitment - permanent
Job location
Republic of Ireland, Dublin, Dublin