Cyber Security Threat Intelligence Manager

We are a part of International Airlines Group, one of the world’s leading airline groups flying to over 270 destinations and carrying more than 100 million passengers each year.

We provide a plug and play platform of scalable, best in class procurement, finance and IT business services to Aer Lingus, British Airways, IAG, IAG Cargo, IAG Loyalty, Iberia, Iberia Express, LEVEL and Vueling.

We combine functional expertise with a strong focus on customer service to make our Group stronger, more efficient, more competitive. 

Job Description

Accountabilities

• Build and Operationalize the CTI Function
  Design and implement a greenfield CTI capability that supports proactive threat detection, situational awareness, and decision-making across the SOC and wider security organization.
• Threat Intelligence Strategy and Framework
  Define the strategic approach to intelligence collection, analysis, dissemination, and feedback loops in alignment with business risks and SOC priorities.
• MSSP Collaboration and Threat Feed Integration
  Work closely with the selected MSSP to ensure timely ingestion, correlation, and operationalization of threat intelligence feeds, TTPs, and IOCs into detection and response workflows.
• Define Intelligence Requirements and Outputs
  Establish intelligence requirements (PIRs), expected deliverables, and SLAs for threat reporting, threat actor profiling, and campaign tracking across the threat landscape.
• Support SOC and CIRT Operations
  Provide contextualized intelligence to support incident triage, investigation, and response — enabling threat hunting, enrichment of alerts, and risk-informed prioritization.
• Stakeholder Communication and Education
  Deliver concise, actionable intelligence reporting to technical and non-technical stakeholders, including operating companies, risk teams, and executive leadership.
• External Partnerships and Information Sharing
  Build trusted relationships with external threat intel providers, industry ISACs, and government bodies to enrich internal threat insights and stay ahead of emerging threats.
• Future-State Planning and Business Case Development
  Define the roadmap for expanding CTI capabilities, including tooling, staffing, and integration needs, and develop a business case to support the formation of a broader internal threat intelligence team.

This role will require travel and working from multiple sites/locations. Willing and able to travel to participate in meetings, workshops, and other related activities.

Key Relationships/Interfaces

External:

• Third-party partners and key solution suppliers

Internal:

• Other areas of IAG Cybersecurity, particularly the cyber programme
• Group Security Team(s)
• Senior managers/customers from across the Group and relevant business areas
• Senior managers/customers/colleagues from operating companies
• IAG Tech colleagues

Qualifications

Education:

Bachelor's degree or higher in Computer Science, Information Security, Cybersecurity, Intelligence Studies, or a related field.

Certifications:

• Relevant certifications in cybersecurity and threat intelligence are highly desirable. Examples include:
• Certified Information Systems Security Professional (CISSP)
• Certified Threat Intelligence Analyst (CTIA)
• GIAC Cyber Threat Intelligence (GCTI)
• Certified Cyber Threat Hunting Professional (CCTHP)
• CompTIA Cybersecurity Analyst (CySA+)
• EC-Council Certified Threat Intelligence Analyst (C|TIA)
• Certified Incident Handler (GCIH)

Skills

• Strong understanding of cybersecurity principles, technologies, and attack vectors.
• Familiarity with common threat actor tactics, techniques, and procedures (TTPs).
• Proficiency in analyzing malware, phishing campaigns, and other malicious activities to extract actionable intelligence.
• Knowledge of network security protocols, endpoint security technologies, and security information and event management (SIEM) systems.
• Comprehensive understanding of the cyber threat landscape, particularly as it relates to the aviation sector.
• Demonstrated capability to convert threat knowledge into active threat hunting.
• Skilful in analysing and researching new, emerging, or trending attacks, actors, malware samples, and TTP’s.
• Must have excellent English reading, writing, and speaking skills with the ability to convey security insights: both in crafting and deciphering security metrics, and in presenting them clearly across all hierarchical levels, up to senior leadership.

Experience

• Several years of experience in cybersecurity, with a focus on threat intelligence analysis.
• Experience working in a threat intelligence team or security operations center (SOC) environment.
• Proficiency in collecting, analyzing, and disseminating threat intelligence to identify emerging threats and vulnerabilities.
• Hands-on experience with threat intelligence platforms, open-source intelligence (OSINT) tools, and dark web monitoring.