Job Title: Cyber Security Threat Intelligence Analyst
* Your location
A picturesque town nestled in the heart of Bavaria, Manching offers a unique blend of rural charm and urban convenience. Located about an hour's drive north of Munich, this quaint market town provides ample opportunities for outdoor enthusiasts and culture lovers alike.
* Your benefits
We strive to provide a comprehensive benefits package that addresses the diverse needs of our employees.
* Attractive salary and special payments
* 30 days paid vacation and extra days-off for special occasions
* Excellent upskilling opportunities and great international, group-wide development prospects
* Special benefits: employer-funded pension, employee stock options, discounted car leasing, special conditions for insurance, subsidies for public transport, employee benefits at cooperating companies
* On-site facilities: medical officer for check-ups and other health-related services, canteen and cafeteria, kindergarten close to the site
* Compatibility of family & work (job sharing, part-time models, flexible working hours, individual timeout)
* Working in a diverse environment, with more than 140 nationalities, where every voice is heard
Key Responsibilities:
* Threat Analysis
* Conduct in-depth analysis of cyber threats (APT groups, malware campaigns, zero-days, etc.) and assess their relevance to Airbus operations, especially those related to aerospace and defense
* Leverage the organization's CTI provider as a strategic asset, not just a data source, integrating external intel with internal context to assess real impact and relevance
* Design and execute structured threat hunting playbooks based on known TTPs (e.g., MITRE ATT&CK) and emerging threats, enabling consistent, repeatable hunts
* Develop code-based playbooks (e.g., Jupyter Notebooks or Python scripts) that integrate threat intelligence, log sources, and detection logic, making them reusable by SOC, IR, and detection engineering teams
* Assist in the development and fine-tuning of detection rules and alerts for monitoring security systems (e.g., SIEM, EDR)
* Implement adversary emulation tests to assess the quality of the detection rules
* Monitoring & Anticipation
* Identify patterns and anomalies in network traffic, system logs, and application data that could indicate security incidents (Threat Hunting)
* Contribute to the specification of telemetry log sources and data normalization for their processing in Cyber Detection
* Rapid Response Enablement
* Envision and maintain workflows for the rapid delivery of intelligence to incident response and risk teams, enabling faster decision-making and containment
* Support post-incident analysis by enriching forensic investigations with relevant threat intelligence context
Required Skills and Qualifications:
* Technical Skills
* Understanding of security tools such as EDR, Windows Logging, firewalls, intrusion detection/prevention systems (IDS/IPS)
* Deep knowledge of Operating System insights (Windows/Linux)
* Experience with Python is a requirement, PowerShell/Bash are a plus
* Analytical Skills
* Strong knowledge of threat actor tactics, techniques, and procedures (TTPs) and frameworks like MITRE ATT&CK, Kill Chain, and Diamond Model
* Proficiency with SIEM tools (e.g., Splunk, ELK), threat intelligence platforms (e.g., MISP, ThreatConnect), and endpoint detection tools (e.g., EDR/XDR)
* Fluent written and spoken English and German are a must
* Experience building code-based hunting or automation playbooks (e.g., Python, Jupyter Notebooks, PowerShell)
* Understanding of threat modeling, detection engineering, or purple teaming is a plus
This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for success, reputation, and sustainable growth.