CrawlJobs Logo

Information Security Engineer – Cyber Threat Detection & Response

Poland, Wroclaw Employment contract · Job Posted February 16, 2026
Apply Position
Job Link Share

Job Description

Ryanair Labs are currently recruiting for a Information Security Engineer – Cyber Threat Detection & Response to join Europe’s Largest Airline Group! This is a very exciting time to join Ryanair as we look to expand our operation to 800 aircraft and 300 million guests within the next 10 years. Ryanair Labs is the technology brand of Ryanair. Labs is a state of-the-art digital & IT innovation hub creating Europe’s Leading Travel Experience for our customers. The Role: We are seeking an experienced Senior Threat Detection & Response Engineer to join our cybersecurity team supporting a fast-paced, cost-sensitive airline environment. The ideal candidate has a strong technical background in detection engineering, incident response and computer forensics. You will be responsible for developing actionable detections, responding to security incidents, and producing insightful KPI reports to support decision-making and regulatory compliance.

Job Responsibility

  • Develop and tune threat detection rules across SIEM, EDR, and cloud environments
  • Lead containment, eradication, and recovery efforts for cyber incidents
  • Create and maintain dashboards to track KPIs such as MTTD, MTTR, detection coverage, and investigation volume
  • Perform threat hunting based on current threat intelligence and adversary TTPs
  • Automate alert enrichment, triage, and response workflows using SOAR or scripting (Python/PowerShell)
  • Collaborate with IT, cloud, and compliance teams to enhance detection quality and response readiness
  • Contribute to documentation, playbooks, and continuous process improvement

Requirements

  • 6+ years in SOC, IR, or threat detection roles
  • Hands-on experience with SIEM (e.g., Microsoft Sentinel, Splunk), EDR (e.g., Defender, CrowdStrike)
  • Experience with Azure/AWS cloud security logs and detection use cases
  • Practical knowledge of MITRE ATT&CK
  • Ability to produce meaningful metrics and dashboards (e.g., Sentinel Workbooks, Power BI, Kibana)
  • Strong scripting skills (Python, PowerShell)
  • Clear communication skills across technical and non-technical stakeholders

Nice to have

  • Experience in aviation, logistics, or other regulated sectors
  • Familiarity with SOAR platforms
  • Certifications such as GCIA, GCIH, OSCP, or cloud security (AZ-500, AWS Security Specialty)
  • Understanding of NIS2 or EASA cybersecurity guidance

What we offer

  • Contract of employment (permanent after trial period)
  • Hybrid home office (2 days per week from the office, 3 days remote)
  • Discounted and unlimited travel to over 250 destinations
  • Multisport card
  • Private health care
  • Group insurance scheme
  • Possibility to take part in conferences, training and courses
  • Office located in the city center with a view for an Old Market Square
  • Annual events (i.e. St. Patrick’s Day)
  • Regular social meetings
  • Paid referral system
  • New office building surrounded by great dinettes right in the city centre

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Information Security Engineer – Cyber Threat Detection & Response

8 matching positions

Gaming Principal, Cloud Threat Detection & Incident Response Engineer

We are seeking a Gaming Principal, Cloud Threat Detection & Incident Response En...
Location
Location
United States , Multiple Locations
Salary
Salary:
139900.00 - 274800.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR equivalent experience
Job Responsibility
Job Responsibility
  • Architect and drive Gaming’s cloud-first detection and response vision by integrating Azure, AWS, and GCP (Google Cloud Platform) native security services and telemetry sources into TDIR (Threat Detection, Investigation, and Response) workflows
  • Lead adoption and optimization of Microsoft Defender for Cloud, Sentinel, Entra ID security, Defender for Cloud Apps, and other cloud-native security controls
  • Establish standards and reference architectures for cloud telemetry ingestion, normalization, enrichment, and threat analytics across diverse studio environments
  • Build and maintain high-fidelity, cloud-native detections targeting threat actors across identity, SaaS, PaaS, IaaS, and Kubernetes environments
  • Develop behavioral detections leveraging KQL (Kusto Query Language), automation, analytics, and ML-assisted methodologies
  • Partner with threat intelligence to map adversary TTPs (Tactics, Techniques, and Procedures) to cloud control surfaces and turn insights into durable detection engineering roadmaps
  • Serve as principal technical authority during major cloud-related incidents, providing expert guidance on identity compromise, lateral movement, key/material theft, resource manipulation, and multi-cloud attack paths
  • Formalize standards for cloud investigations, including telemetry requirements, visibility gaps, and automated triage workflows
  • Drive post-incident cloud hardening by influencing product teams, studio engineering, and platform owners
  • Architect and implement automation for detection deployment, evidence collection, containment, and remediation using Azure Functions, Logic Apps, and modern SOAR patterns
  • Fulltime
Read More
Arrow Right

Senior Security Engineer - Security Incident Response

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions t...
Location
Location
United States , Redmond
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field
  • Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • equivalent experience
  • Active U.S. Government Secret Security Clearance
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • U.S. citizenship verification
Job Responsibility
Job Responsibility
  • Coordinate with investigators to prioritize investigation objectives, understands attack paths, and systematically executes mitigation and protection actions to evict threat actors for any security incident impacting any of Microsoft’s products or services
  • Conduct hands-on mitigation where possible
  • engages service owners when there is a risk of a production outage
  • Maintain hands-on knowledge of mitigation and protection steps for various asset types (e.g. M365, Azure, AI) and publishes self-service guidance for impacted engineering teams
  • Brief executive stakeholders on eviction plans and associated status
  • Maintain and evolves an inventory of threat actor Tactics, Techniques, and Procedures (TTPs) and the corresponding eviction capabilities
  • Define and prioritize requirements and use cases for Microsoft’s threat actor eviction platform
  • operationalize as they are delivered
  • Drive strategic change to accelerate eviction scenarios (e.g. lean business cases to garner support for broader Microsoft product initiatives or features)
  • Participate in an on-call rotation
  • Fulltime
Read More
Arrow Right

Senior Security Engineer - Security Incident Response

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions t...
Location
Location
United States , Multiple Locations
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field
  • Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • equivalent experience
  • Active U.S. Government Secret Security Clearance
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • Pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter
Job Responsibility
Job Responsibility
  • Coordinates with investigators to prioritize investigation objectives, understands attack paths, and systematically executes mitigation and protection actions to evict threat actors for any security incident impacting any of Microsoft’s products or services
  • Conducts hands-on mitigation where possible
  • engages service owners when there is a risk of a production outage
  • Maintains hands-on knowledge of mitigation and protection steps for various asset types (e.g. M365, Azure, AI) and publishes self-service guidance for impacted engineering teams
  • Briefs executive stakeholders on eviction plans and associated status
  • Maintains and evolves an inventory of threat actor Tactics, Techniques, and Procedures (TTPs) and the corresponding eviction capabilities
  • Define and prioritize requirements and use cases for Microsoft’s threat actor eviction platform
  • operationalize as they are delivered
  • Drives strategic change to accelerate eviction scenarios (e.g. lean business cases to garner support for broader Microsoft product initiatives or features)
  • Participates in an on-call rotation
  • Fulltime
Read More
Arrow Right

Cyber Security Engineer

Barbaricum is seeking an experienced, innovative, and motivated Journeyman Cyber...
Location
Location
United States , Tampa
Salary
Salary:
Not provided
barbaricum.com Logo
Barbaricum
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Must hold an active Top Secret clearance and be SCI eligible
  • BA/BS and 3 years relevant experience, AA/AS and 7+ years of experience, -or- 9+ years of total experience and HS Diploma
  • Current DoD 8140 – IAT II Certification (e.g. CompTIA Security+)
  • Expertise in monitoring tools (e.g., SIEM systems) and intrusion detection/prevention systems (IDS/IPS) to identify, analyze, and respond to cybersecurity threats in real time
  • Strong understanding of DoD-specific cybersecurity frameworks and standards, including the Risk Management Framework (RMF), NIST 800-53, and the Cybersecurity Maturity Model Certification (CMMC)
  • Experience with Zero Trust (ZT) architectures, automated unit, functional, integration, and security testing
  • Experience establishing and maintaining software factories, that support the rapid development, testing, and deployment of software
Job Responsibility
Job Responsibility
  • Develops, implements, and monitors security measures to protect computer systems, networks software, and information to ensure secure reliable and uninterrupted availability
  • Monitors, detects, mitigates, and responds to cyber incidents
  • Performs operational Cybersecurity and infrastructure support
  • Implements and enforces cyber security policies and requirements are addressed
  • Conducts certification and testing in accordance with the Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST) policy
  • Identifies deficiencies and vulnerabilities and providing risk mitigation recommendations
  • Integrates projects with the current USSOCOM ICAM, PKI, ABAC, and RBAC capability
  • Automates security and testing processes, integrating security tools and practices into the development pipeline, and fostering a culture of shared responsibility for performance and security
  • Guide teams to break down silos and unify software development, deployment, security and operations
  • Fulltime
Read More
Arrow Right

Cyber Security Engineer

We are looking for a Cyber Security Engineer to help strengthen and advance our ...
Location
Location
United States , Little Rock
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related discipline, or equivalent practical experience
  • At least 5 years of experience in cybersecurity engineering, information security, or security operations roles
  • Demonstrated ability to develop security policies, governance guidelines, and operational security procedures
  • Working knowledge of AI and machine learning security considerations, including data protection and model-related risks
  • Experience with security monitoring and vulnerability management tools such as Splunk, Sentinel, CrowdStrike, Defender, Rapid7, Tenable, or Qualys
  • Strong understanding of network security, firewalls, endpoint protection, identity and access management, Zero Trust concepts, and cloud security principles
  • Hands-on experience with vulnerability remediation, incident investigation, and response activities
  • Familiarity with cloud platforms such as Azure, AWS, or Google Cloud Platform, along with strong analytical and troubleshooting skills
Job Responsibility
Job Responsibility
  • Create and refine security policies, governance practices, and technical standards that support the safe adoption of artificial intelligence solutions
  • Oversee security monitoring across infrastructure, networks, cloud services, endpoints, and business applications to identify and respond to potential threats
  • Lead vulnerability reviews, risk evaluations, and coordinated penetration testing efforts to uncover weaknesses and drive corrective action
  • Investigate security events, diagnose root causes, and resolve incidents and control gaps within established response timelines
  • Implement safeguards for AI and machine learning environments, including protections for models, sensitive data, user access, and operational risk
  • Use security platforms and endpoint detection tools to perform ongoing analysis of logs, alerts, and suspicious activity across the environment
  • Partner with cloud, infrastructure, development, and IT teams to improve defensive controls and strengthen the overall security posture
  • Support incident response planning by defining procedures, assisting with containment and recovery, and contributing to post-incident analysis
  • Recommend and deploy enhancements related to network defense, endpoint security, identity management, cloud protection, and data security measures
  • Prepare risk documentation, remediation plans, and leadership-facing updates while helping maintain alignment with recognized security frameworks and frameworks and standards
What we offer
What we offer
  • medical
  • vision
  • dental
  • life and disability insurance
  • enrollment in company 401(k) plan
Read More
Arrow Right

Cyber Security Engineer

Location
Location
United Kingdom , London
Salary
Salary:
Not provided
coinshares.com Logo
CoinShares
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5 years' experience in a hands-on cyber security engineering or security operations role, with demonstrable breadth across multiple security domains
  • Experience running security processes end-to-end across multiple domains within a small team environment, operating as a generalist rather than a specialist in a single area
  • Bachelor's degree in Cyber Security, Computer Science, Information Technology, or equivalent practical experience
  • Relevant certifications are desirable (e.g. CISSP, CEH, AWS Security Specialty or CCSP)
  • Prior exposure to digital asset infrastructure, crypto custody or trading environments is advantageous but not required
  • Strong foundational knowledge across core cyber security domains: network security, endpoint security, cloud security, identity and access management, vulnerability management, threat detection, incident response and data security
  • Solid understanding of security frameworks including NIST CSF 2.0 and SOC 2
  • Experience working in a regulated environment
  • exposure to GDPR, DORA, SOX and the SEC Cybersecurity Rule is highly advantageous
  • Hands-on experience with SIEM, SOAR and EDR/XDR platforms - configuration, tuning, alerting, and integration with response workflows
Job Responsibility
Job Responsibility
  • Design, implement and maintain security controls across all systems and environments, spanning enterprise IT, cloud infrastructure and digital asset operations
  • Operate core security functions including endpoint protection, email security, identity and access management, data security and security monitoring
  • Manage and continuously improve the firm's SIEM, SOAR and EDR/XDR tooling, ensuring effective alerting, tuning and integration with incident response processes
  • Lead detection engineering and incident response, acting as the primary technical responder during security events and investigations
  • Lead vulnerability management and remediation across all environments, prioritising based on risk and business impact
  • Partner with IT, engineering and DevOps teams to embed security earlier in the development lifecycle, across infrastructure and into CI/CD pipelines
  • Maintain and improve cloud security controls across AWS, leveraging CSPM tooling to monitor posture and drive remediation
  • Conduct threat modelling, security architecture reviews and risk assessments for new systems, services and third-party integrations
  • Support third-party and vendor risk assessments, including review of SOC 2 reports, penetration test reports and security questionnaires
  • Contribute to the security of CoinShares' digital asset infrastructure, including custody and trading environments
  • Fulltime
Read More
Arrow Right

Cyber Security Engineer

We are looking for a Cyber Security Engineer to strengthen and oversee the organ...
Location
Location
United States , New York
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in computer science, information technology, cybersecurity, or a closely related field, experience can replace the degree requirement
  • Certified Information Security Manager (CISM) certification or similar is required
  • At least 5 years of experience leading or managing cybersecurity initiatives
  • Strong analytical and technical problem-solving abilities with the capacity to assess and address complex security concerns
  • Working knowledge of Windows and macOS operating systems, network protocols, firewall technologies, and system patching practices
  • Demonstrated ability to detect, evaluate, and remediate security threats, weaknesses, and breach-related risks
  • Familiarity with information security governance, policy, and regulatory expectations
  • Excellent written and verbal communication skills, with the professionalism and discretion needed to manage confidential security matters
Job Responsibility
Job Responsibility
  • Lead day-to-day security efforts by identifying vulnerabilities, analyzing threats, and coordinating timely remediation activities across systems and networks
  • Evaluate the security of Windows and macOS environments, including patch management practices, endpoint protections, and configuration standards
  • Monitor network activity and security controls such as firewalls and related tools to help prevent unauthorized access and reduce operational risk
  • Investigate potential incidents, determine the scope of exposure, and drive response actions to contain and resolve security issues effectively
  • Review third-party security documentation, including SOC 2 reports, to support vendor risk assessments during contracting and procurement processes
  • Help develop, maintain, and reinforce information security policies, standards, and procedures in alignment with regulatory and organizational requirements
  • Partner with IT teams, leadership, and internal users to communicate security recommendations, report findings, and support informed decision-making
  • Contribute technical and analytical expertise to strengthen monitoring capabilities, improve risk visibility, and support ongoing security program maturity
What we offer
What we offer
  • Medical, vision, dental, and life and disability insurance
  • Company 401(k) plan
Read More
Arrow Right

Senior Cyber Detection Engineer (SIEM)

Zachary Piper Solutions is seeking a Senior Cyber Detection Engineer (SIEM) to s...
Location
Location
United States , Springfield
Salary
Salary:
135000.00 - 150000.00 USD / Year
pipercompanies.com Logo
Piper Companies
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Active TS/SCI CI Polygraph required
  • Bachelor’s degree from an accredited college in a related discipline and 5+ years of prior relevant experience
  • IAT Level II (GSEC, Security+, SSCP, or CCNA-Security) certification required
  • Proficient in modern operating systems, including Windows, UNIX, network OS environments, databases, and virtualized computing platforms
  • Experienced with enterprise-grade security tools, such as Security Information and Event Management (SIEM) systems specifically Splunk, Threat Intelligence Platforms (TIPs), and network monitoring solutions
  • Skilled in developing, modifying, and fine-tuning detection mechanisms, including IDS signatures and SIEM correlation rules
  • Knowledgeable in implementing cybersecurity countermeasures and mitigation strategies to reduce risk and enhance system resilience
Job Responsibility
Job Responsibility
  • Support Cyber Operations Squadron (COS) efforts by ensuring timely publication of updated cybersecurity tool signatures, including antivirus and host-based security systems
  • Conduct in-depth threat analysis, including reverse engineering of malware, to uncover critical details such as origin, target, impacted systems, recommended mitigations, and mission risk
  • Develop custom content for Security Information and Event Management (SIEM) tools and create tailored IDS/IPS signatures to counter specific threats
  • Correlate security events and incidents using data from diverse enterprise sources to identify patterns and potential threats
  • Assess the impact of cyber incidents on data and infrastructure, providing detailed evaluations of damage and recovery needs
  • Perform trend analysis and reporting on cyber incidents to identify recurring threats and inform proactive defense strategies
  • Analyze network traffic and system data to detect anomalies and potential security threats
  • Deliver real-time detection, identification, and reporting of cyber intrusions, suspicious activities, and policy violations
  • Create and implement detection rules
What we offer
What we offer
  • Full Benefits: PTO
  • 11 Paid Holidays
  • Cigna Medical, Dental, and Vision
  • 401k with ADP
  • Certification reimbursement
  • Contract mobility and job stability – Contract through 2026
  • Fulltime
Read More
Arrow Right