Lead Operational Engineer - Content Engineer - Level 3

Job description / Role

At Emirates, we believe in connecting the world, to and through, our global hub in Dubai; and in constantly innovating to ensure our customers 'Fly Better'.
Emirates Group IT thrives on the dynamic nature of technology. Being pioneers in aviation innovation, we're always at the forefront, pushing boundaries. We're on the lookout for exceptional IT professionals to fortify our position as leaders in the industry. Embark on a journey with the world's largest international airline and become a vital part of our cutting-edge information and technology team as Principal Solutions Architect.

Join our CyberSecurity team where we ensure a world class CyberSecurity organisation based on the key principles of People, Process and Technology underpinned with executive endorsement of a multi-year strategy to continuously improve and develop. The team protects our digital assets by monitoring for threats, responding to incidents, managing vulnerabilities, and ensuring compliance with security policies and regulations. If you are passionate about CyberSecurity, we invite you to apply to play a crucial role in shaping the future of our technology initiatives at Emirates Group.

As a Lead Operational Engineer in the Cyber Defence Operations team, you will lead, investigate and manage complex cybersecurity incidents. In addition, you will manage escalations from security operations and investigate intrusions of all anomalous and misuse activities on hosts and networks. This role is also responsible for managing the critical incidents and provide deep expertise to guide engineers and ensure a robust security posture. It will also be accountable for threat detection, identification, prevention, and reporting of cyber-attacks.

In this role you will:

- Manage critical incidents and challenges and be the focal point of contact for major incidents. Coordinate with other departments during critical incidents and drive post-incident reviews and formulate preventive strategies.
- Detect, identify, and repost possible cyber-attacks, intrusions, anomalous and misuse activities.
- Evaluate incident triage activities to ensure optimum incident resolution including the ownership of escalated incidents.
- Analyse network traffic and system data to detect potential threats to resources and provide recommendations for remediation. Conduct analysis that encompasses defining the scope, urgency, and potential impact.
- Perform correlation of security incidents and events to build threat detection and prevention capabilities baseline network traffic and host activity across the enterprise.
- Manage and document the incident throughout its cycle, including tracking and documenting incidents from initial detection through final resolution and the update the knowledge bases, preventative controls, and standards operating procedures.
- Execute incident trend analysis, report and assess the impact on data and infrastructure as a result of cyber incidents.
- Lead security operations, respond to feedback from internal IT departments, business and audit operational performance against the defined metrics and goals.
- Collaborate with intelligence analysts to correlate threat assessment data and recommend methods to enhance defence capabilities.
- Liaise with the content Engineering Team to identify and implement automation and service improvement programs to manage security operations efficiently.

- Degree or Honours (12+3 or equivalent)
- Minimum 5+ years years in IT, Computer science, Information Systems, Engineering, Telecommunications, or other related scientific or technical disciplines.
- Experience in Information Technology and CyberSecurity and working in cross-functional and interdisciplinary teams to solve complex problems.
- Hands on experience in operating systems, networks, databases, and web application security with a focus on advanced preventative capabilities.
- Experience in technical analysis with a focus on cyber threats as well as analysing network traffic and host activities for potential attack vectors and developing mitigation strategies.
- Gathering a predictive understanding of adversarial strategies, priorities, and overlapping interests as well as experience in technical writing such as event bulletins, cyber digests, and quarterly summary reports.

Knowledge/skills:
- Threat Detection and Response (CSOC) including expertise in threat intelligence and advanced threat detection.

Infrastructure Protection:
- Mastery over network security architecture and advanced intrusion prevention systems.

Identity:
- Deep understanding of identity governance and sophisticated IAM solutions.
- In-depth knowledge of cyber threats and u nderstanding of enterprise IT and Cybersecurity operational environments.
- Ability to evaluate threat actors based on motivation and common TTPs

About the Company

A fast-growing international airline with one of the youngest fleets in the sky and more than 400 awards for excellence worldwide.