Vulnerability Management and Platform Analyst
As a Vulnerability Management and Platform Analyst within our Information Security Team you will perform a crucial role in designing, building, and maintaining our detection and response capabilities.
TUI is focussed on accelerating the development of digital capabilities across the entire holiday lifecycle to delight our customers. At the same time, everyone working on behalf of TUI protects information in all its forms so that we avoid harm; meet our customers’, colleagues’ and shareholders’ expectations and comply with national and international legislation. At TUI, information security is part of everyone’s job.
TUI Group is the world’s number one integrated tourism business. The Group umbrella consists of strong tour operators, 1,800 travel agencies and leading online portals, six airlines with more than 130 aircraft, over 300 hotels with 210,000 beds, twelve cruise liners and countless incoming agencies in all major holiday destinations around the globe. All this enables us to provide our 30 million customers with an unmatched holiday experience in 180 regions.
ABOUT THE JOB
As a Vulnerability Management and Platform Analyst you will promote a security first culture at TUI.
You will work with resolver teams to ensure that information security events and vulnerabilities are automatically generated, appropriately addressed and closed in local ticketing systems and ensure reporting on key performance indicators and service levels.
Our information security team works in collaboration with business and IT teams across our many domains. You adopt a pragmatic and ‘can-do’ attitude in everything you do, partnering with your colleagues across the TUI businesses and IT functions worldwide. You build strong working relationships and influence others to do the right thing to Protect our Smile.
- Monitor for alerts from security tools, including, but not limited to, security analytics platforms, automation tools, ticket management systems, user-reported alerts, and others.
- Triage security alerts, including initial analysis to determine the validity of alerts and gather additional context.
- Work the full incident lifecycle from detection, investigation, response, to remediation for security defects.
- Contribute to the further development, maintenance, and standardization of Security processes, policies, and procedures.
- Work with other IT/security teams to identify areas for improvement around detection, investigation, and response.
- Research common and topical commodity and APT-based malware tactics and techniques in preparation for future attacks.
- Tune security tools and minimize false positives.
- Assist Cyber Security Operations Lead to generate and execute on new ideas for content, technology advancements, and proactive defence improvement projects.
- Mean-time-to-respond (MTTR) by alert severity.
- Process adherence.
- Recurring incident ratio.
- Demonstrable deep experience of design and build of systems integration, ideally in a security operations environment. Strong technical and IT operations background, with at least 5 years of experience.
- Experience of working with Splunk or similar SIEM platforms, Vulnerability Management applications, Service Desk systems and security monitoring tools desirable with experience in designing and developing these platforms.
- Familiarity and experience with Windows, macOS, Linux, and Unix operating systems.
- Computer networking and cloud technology fundamentals.
- Understanding of Active Directory, LDAP, IDaaS (AAD etc.).
- Rudimentary security knowledge and awareness of firewalls, proxies, antivirus, and IPS/IDS concepts.
- Experience scripting in Python or PowerShell.
- Experience using Microsoft Excel and Word.
- Excellent written and verbal communication skills.
- Good interpersonal skills so that you can work well with and influence your information security, and IT operations colleagues from around the world.
- Empathy to respond with understanding and care in the event of a security incident.
- A process-oriented mindset, with the ability to follow standard operating procedures and alter such plans as the occasion arises.
- The creativity to think outside the box and develop new solutions to complex problems, especially in the event of new, unexpected security incidents.
- Communication skills to clearly relay technical information to individuals with different levels of technical competence.
- Adaptability and flexibility to react quickly and respond completely to security incidents.
- Attention to detail to ensure complete response and remediation in the event of an incident.
- Being a valuable team member of TUI, the No.1 global and socially aware travel company.
- Competitive salary and benefits.
- Smart working (Flexible hours) and possibility of working remotely up to 100% or Hybrid from one of our offices.
- Develop yourself as part of a friendly, richly, diverse and virtual international team.
If you want to know more about why TUI Group is the world’s leading tourism group, and our continuing work in the diversity & inclusion space, simply visit careers.tuigroup.com