This job has expired

Cyber Incident Response Analyst

Employer
Thomas Cook
Location
Peterborough, Cambridgeshire
Salary
Competitive
Closing date
13 Feb 2019

Over 175 years ago, our founder Thomas Cook began this company with a vision to ‘broaden the mind of others and break down the partition walls of prejudice.'

Once describing himself as ‘the willing and devoted servant of the travelling public,’ Thomas Cook was a true pioneer of the travel industry, opening up a world of new destinations and new travel experiences to everyone. By obtaining the best services and prices for his customers, he laid the foundations of the company that still bears his name today.

Thomas Cook is now one of the world’s leading leisure travel groups, supported by around 22,000 colleagues and operating from 15 countries.

Our vision today remains true to Thomas Cook’s ambitions - to be the world’s most loved holiday company.

Cyber Incident Response Analyst

Job Purpose

This role sits within our CSIRT team, looking into day-to-day cyber incidents raised by our colleagues across TCG. The role requires very strong analytical skills and the ability to correlate various events and evidence to make a suitable judgement call. Often, to achieve our goal, we must get involved and perform various technical tasks, or build the tool set needed to carry on with our investigation or BAU tasks. This is a very interesting and exciting role within cyber security, and there is plenty of room for self-development and improvement, both for the individual and for the team.

Key accountabilities and decision ownership:

  • Perform analytics using the Lockheed Martin cyber kill chain / diamond model, understand the current status of DAN and perform remediation work to improve the Thomas Cook networks
  • Perform cyber security incident investigations that involve cybercrime and require log, forensic and malware analysis
  • Collect and analyse SIEM, IDS/IPS, proxy, AV and firewall logs, network traffic logs and host system logs to provide maximum benefit and reduce overall cyber risk
  • Responsible for providing input and liaising with stakeholders to determine impacts, workarounds and the analyses performed, and for providing recommendations both in writing and orally
  • Perform forensic analyses to identify anomalies and the presence of any malware, the malware's capabilities, and the actions the malware took
  • Conduct security investigations in Linux and/or Windows environments
  • Support the enhancement, improvement and delivery of monitoring and response methods, procedures and processes to reduce risk
  • Track cyber threat actors/campaigns based on technical analysis and open source intelligence

Skills, know-how and experience:

Must have:

  • Previous experience within a cyber security incident response team / Blue Teaming
  • Demonstrates a good knowledge and understanding of cyber security attack techniques and threats, with a strong technical background
  • Knowledge of current forensic and IR tools, techniques and procedures (TTPs)
  • Windows operating system internals, including the kernel, registry, file system, Windows APIs and Windows IPC mechanisms
  • Linux operating system and associated file systems
  • Scripting/programming experience (Python, PowerShell, JavaScript, VBA)
  • Proficient in log analysis of multiple types, with the ability to correlate events from multiple sources to create a timeline analysis of an incident across endpoints
  • The ability to proactively identify cross-functional threats
  • Strong analytical skills, capable of analysing complex technical information to identify patterns, trends and linkage
  • Excellent written and verbal skills, with the ability to translate complex concepts into easily understood principles
  • Exceptional organisational skills, including detailed note-taking abilities

Preferred:

  • Experience working with Enterprise networks
  • Memory analysis skills
  • Ability to analyse complex network packet captures
  • Dynamic and static malware analysis and sandboxing

Technical / professional qualifications:

  • GCIH or equivalent
  • CCNP Security
  • GCFA
  • GNFA

Life at Thomas Cook is fast-paced and full of opportunities. We’re a leading international travel company that believes in empowering our people, so when you join us, you’ll be given the chance to create, learn and innovate. You’ll also be given the support and training you need to develop your career in the direction you choose.

As you might expect, our holiday benefits are something special. We’ll give you an allowance towards your holiday every year, depending on how long you’ve been with us. There are also special last-minute employee deals, which give you the opportunity to pick up a holiday at an outstanding price. Working for Thomas Cook, you can travel the world for less.

We also offer a flexible benefits package that gives you a range of options to ensure your benefits match your lifestyle.