Security Operations Analyst

As a Security Operations Analyst within our Information Security Team you will perform a crucial role in designing, building, and maintaining our detection and response capabilities.

TUI is focussed on accelerating the development of digital capabilities across the entire holiday lifecycle to delight our customers. At the same time, everyone working on behalf of TUI protects information in all its forms so that we avoid harm; meet our customers’, colleagues’ and shareholders’ expectations and comply with national and international legislation. At TUI, information security is part of everyone’s job.

TUI Group is the world’s number one integrated tourism business. The Group umbrella consists of strong tour operators, 1,800 travel agencies and leading online portals, six airlines with more than 130 aircraft, over 300 hotels with 210,000 beds, twelve cruise liners and countless incoming agencies in all major holiday destinations around the globe. All this enables us to provide our 30 million customers with an unmatched holiday experience in 180 regions.

Become part of our team - applications open! This role will be advertised for a minimum of 14 days but could close anytime after this time so don't delay!

ABOUT OUR OFFER

• Personal benefits: Attractive remuneration, bonus opportunity, exclusive travel perks & discounts, extensive health & wellbeing support, and more.
• Flexible working: Work is something you do, not somewhere you go. We encourage a healthy work-life balance and offer hybrid or remote working models.
• A career to shape: Opportunities to upskill, reskill and grow your career. Access the TUI Tech Learning Hub to level-up and reach your ambitions.
• Expand your horizons: Participate in our tech communities and collaborate on global projects and teams.
• Community: Get involved with incredible local charity and sustainability initiatives like the TUI Care Foundation and the Sustainable Tech Community.

ABOUT THE JOB

• As a Security Operations Analyst you will promote a security first culture at TUI.
• You will work with resolver teams to ensure that information security events and incidents are automatically generated, appropriately addressed and closed in local ticketing systems and ensure reporting on key performance indicators and service levels.
• Our information security team works in collaboration with business and IT teams across our many domains. You adopt a pragmatic and ‘can-do’ attitude in everything you do, partnering with your colleagues across the TUI businesses and IT functions worldwide.
• You build strong working relationships and influence others to do the right thing to Protect our Smile.

Main Responsibilities:

• Monitor for alerts from security tools, including, but not limited to, security analytics platforms, automation tools, ticket management systems, user-reported alerts, and others.
• Triage security alerts, including initial analysis to determine the validity of alerts and gather additional context.
• Use network and host security tooling to perform additional investigation.
• Work the full incident lifecycle from detection, investigation, response, to remediation for security alerts.
• Contribute to the further development, maintenance, and standardization of SOC processes, policies, and procedures.
• Work with other IT/security teams to identify areas for improvement around detection, investigation, and response.
• Research common and topical commodity and APT-based malware tactics and techniques in preparation for future attacks.
• Provide feedback on detection rules to help tune security tools and minimize false positives.
• Participate in SOC working groups and sub-teams to help generate and execute on new ideas for content, technology advancements, and proactive defence improvement projects.

Success Metrics:

• Mean-time-to-acknowledge
• Mean-time-to-respond (MTTR) by alert severity
• Process adherence
• Recurring incident ratio

ABOUT YOU

• Demonstrable deep experience of design and build of systems integration, ideally in a security operations environment. Strong technical and IT operations background, with strong experience.
• Experience of working with Splunk or similar SIEM platforms, Service Desk systems and security monitoring tools desirable with experience in designing and developing these platforms.
• Familiarity and experience with Windows, macOS, Linux, and Unix operating systems.
• Computer networking and cloud technology fundamentals.
• Understanding of Active Directory, LDAP, IDaaS (AAD).
• Rudimentary security knowledge and awareness of firewalls, proxies, antivirus, and IPS/IDS concepts.
• Experience scripting in Python or PowerShell.
• Experience using Microsoft Excel and Word.
• Excellent written and verbal communication skills.
• Good interpersonal skills so that you can work well with and influence your information security, and IT operations colleagues from around the world.
• Empathy to respond with understanding and care in the event of a security incident.
• A process-oriented mindset, with the ability to follow standard operating procedures and alter such plans as the occasion arises.
• The creativity to think outside the box and develop new solutions to complex problems, especially in the event of new, unexpected security incidents.
• Communication skills to clearly relay technical information to individuals with different levels of technical competence.
• Adaptability and flexibility to react quickly and respond completely to security incidents.
• Attention to detail to ensure complete response and remediation in the event of an incident.

From a workplace to a place to belong. At TUI we embrace diversity, equity, and inclusion, encouraging everyone to come as you are, because together, our potential is limitless.

We are committed to supporting candidates with disabilities and impairments so if you require any support, please do let us know.