Security Operations Analyst

  • Flexible

    Madrid, Spain

    Lisbon, Portugal

    Palma, Spain

    Seville, Spain

  • 125995

  • Remote

  • Permanent

  • Full Time

  • 37.5-40hrs

As a Security Operations Analyst within our Information Security Team, you will perform a crucial role in designing, building, and maintaining our detection and response capabilities.


TUI is focussed on accelerating the development of digital capabilities across the entire holiday lifecycle to delight our customers. At the same time, everyone working on behalf of TUI protects information in all its forms so that we avoid harm, meet our customer, colleague and shareholder expectations, and comply with national and international legislation. At TUI, information security is part of everyone’s job.


TUI Group is the world’s number one integrated tourism business. The Group umbrella consists of strong tour operators, 1,800 travel agencies and leading online portals, six airlines with more than 130 aircraft, over 300 hotels with 210,000 beds, twelve cruise liners and countless incoming agencies in all major holiday destinations around the globe. All this enables us to provide our 30 million customers with an unmatched holiday experience in 180 regions.




As a Security Operations Analyst, you will promote a security-first culture at TUI.


You will work with resolver teams to ensure that information security events and incidents are automatically generated and appropriately investigated to resolution in the Group IT service management system, and to ensure reporting on key performance indicators and service levels.


Our information security team works in collaboration with business and IT teams across our many domains. You adopt a pragmatic and ‘can-do’ attitude in everything you do, partnering with your colleagues across the TUI businesses and IT functions worldwide. You build strong working relationships and influence others to do the right thing to Protect our Smile.


Main Responsibilities


  • Monitor for alerts from security tools, including, but not limited to, security analytics platforms, automation tools, ticket management systems, user-reported alerts, and others.
  • Triage security alerts, including initial analysis to determine the validity of alerts and gather additional context.
  • Use network and host security tooling to perform additional investigation.
  • Work the full incident lifecycle from detection, investigation, response, to remediation for security alerts.
  • Contribute to the further development, maintenance, and standardization of SOC (Security Operations Centre) processes, policies, and procedures.
  • Work with other IT and security teams to identify areas for improvement around detection, investigation, and response.
  • Research Advanced Persistent Threat Groups’ adversary tactics, techniques, and procedures (TTPs) in preparation for future attacks.
  • Provide feedback on detection rules to help tune security tools and minimize false positives.
  • Participate in SOC working groups and sub-teams to help generate and execute on innovative ideas for content, technology advancements, and proactive defence improvement projects.


Success Metrics

  • Mean-time-to-acknowledge.
  • Mean-time-to-respond (MTTR) by alert severity.
  • Process adherence.
  • Recurring incident ratio.




  • Demonstrable deep experience of design and build of systems integration, ideally in a security operations environment. Strong technical and IT operations background, with at least 5 years of experience.
  • Experience of working with Splunk or similar SIEM (Security Information and Event Management) platforms, Service Desk systems and security monitoring tools is desirable, along with experience in designing and developing these platforms.
  • Familiarity and experience with Windows, macOS, Linux, and Unix operating systems.
  • Computer networking and cloud technology fundamentals.
  • Understanding of Active Directory, Lightweight Directory Access Protocol (LDAP), identity-as-a-service, Azure Active Directory (AAD).
  • Security knowledge and awareness of firewalls, proxies, next-gen antivirus, and intrusion protection and intrusion detection concepts.
  • Experience scripting in Python and PowerShell.
  • Experience using M365 including security tools.
  • Excellent English written and verbal communication skills.
  • Good interpersonal skills so that you can work well with and influence your information security and IT operations colleagues from around the world.
  • Empathy to respond with understanding and care in the event of a security incident.
  • A process-oriented mindset, with the ability to follow standard operating procedures and alter such plans as the occasion arises.
  • The creativity to think freely and develop innovative solutions to complex problems, especially in the event of new, unexpected security incidents.
  • Communication skills to clearly relay technical information to individuals with distinct levels of technical competence.
  • Adaptability and flexibility to react quickly and respond completely to security incidents.
  • Attention to detail to ensure complete response and remediation in the event of an incident.




  • Being a valuable team member of TUI, the No.1 global and socially aware travel company.
  • Competitive salary and benefits.
  • Smart working (Flexible hours) and possibility of working remotely up to 100% or Hybrid from one of our offices.
  • Develop yourself as part of a friendly, richly diverse virtual international team.


If you want to know more about why TUI Group is the world’s leading tourism group, and our continuing work in the diversity & inclusion space, simply visit