Cybersecurity Incident Response Manager

Genève, GE, CH, Switzerland

Job Description

Employment Type: Permanent

Contract Duration:


Why you will love working here


At IATA, we represent over 350 airlines worldwide, striving to make aviation safer, smarter, more sustainable, and inclusive.

Our Values are not just words on a page - they are the energy behind everything we do:

ONE IATA - We collaborate across teams,

TRUSTED - We do the right thing,

INNOVATIVE - We make tomorrow better,

INCLUSIVE - We embrace diverse perspectives.

With over 30,000 courses available, we believe in continuous learning and support your growth in an ever-changing industry. Diversity, equity, and inclusion are our priorities. We are certified by the Equal Salary Foundation, offering equal pay and family-friendly policies. We encourage community involvement through volunteering and strive to make tomorrow better for aviation and our communities. We offer time off so you can support causes important to you. We promote work-life balance with flexible work options, including remote and hybrid work, a generous 'work from abroad' policy, and you get your birthday off!

About the team you are joining



Working within the CyberSecurity team in the Information & Data division, this role will report to the Senior Manager Information Security. This role is responsible for detecting, analyzing, and responding to cybersecurity incidents and threats across IATA. This hands-on role involves investigating alerts, coordinating incident response actions, and contributing to the development of incident response procedures. The ideal candidate is detail-oriented, technically strong, and capable of performing in multi-cloud environments to protect IATA's critical systems and data.



What your day would be like



Act as the first responder to cybersecurity incidents including malware infections, data breaches, DDoS attacks, and insider threats

Monitor and triage security alerts from various sources including SIEM, IDS/IPS, EDR, firewalls, and threat intelligence feeds

Investigate security incidents across IATA to determine scope, impact, and root cause and respond accordingly


Contain and remediate incidents in collaboration with SOC, architecture, infrastructure, and application teams

Document incidents and produce incident reports with timelines, findings, and recommendations

Develop and maintain incident response runbooks and playbooks

Participate in threat hunting and proactive analysis to detect emerging threats

Own continuous improvement of incident detection and response capabilities

Meet regularly with 3rd party suppliers to ensure any incident remediation plans are implemented and reviewed

Coordinate and manage incident response activities

Ensure security incident handling process is documented and followed

Conduct post-incident reviews and recommend security enhancements

Investigate and respond to fraud reports

Provide regular reports and dashboards to CISO

Liaise with the vulnerability analyst to identify all vulnerabilities potentially exploitable during an incident

Work with data security architect to implement various protocols and technologies

Stay updated on the latest threat trends, attack techniques, and mitigation strategies

Coordinate information sharing activities with industry groups, government agencies, and other groups

Coordinate with technical teams, third parties or law enforcement during major incidents if necessary.



We would love to hear from you if you have



Master's degree in Computer Science, Engineering, Cybersecurity or a related field, or equivalent experience.

Five years of experience in Security Operations, Incident Response, or Threat Intelligence.

Strong knowledge of security event analysis, malware behavior, and attack vectors.

Familiarity with MITRE ATT&CK, cyber kill chain, and threat intelligence tools.

Knowledge of incident response frameworks (e.g., NIST 800-61, SANS).

Experience working with SIEM platforms (e.g., Splunk) and EDR solutions (e.g., CrowdStrike).

Strong knowledge of cybersecurity principles, practices, and technologies such as SSE, CASB, DLP, Email Security, AWS security, and O365 security.

Understanding of networking concepts, operating systems, and cloud environments (AWS, Azure, GCP).

Relevant IT certification (Security+, CISSP, GIAC, ECIH, OSCP, CEH, etc.) is an asset.

Knowledge of ISO 27001:2013 / PCI-DSS / SOC2.

Strong problem-solving, analytical, and communication skills.



Travel Required: 10



Learn more about IATA's role in the industry, our benefits, and the team at iata/careers/. We are looking forward to hearing from you!


Job Detail

  • Job Id
    JD1693190
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Genève, GE, CH, Switzerland
  • Education
    Not mentioned