Information Security Engineer - Threat Hunter in Madrid


Share offer

Job Description

Ryanair Holdings plc, Europe’s largest airline group, is the parent company of Buzz, Lauda, Malta Air & Ryanair DAC. Carrying over 154 m guests p.a. on more than 2,400 daily flights from 82 bases, the group connects over 200 destinations in 40 countries on a fleet of over 475 aircraft, with a further 210 Boeing 737’s on order, which will enable the Ryanair Group to lower fares and grow traffic to 200m p.a. by FY24. Ryanair has a team of over 19,000 highly skilled aviation professionals delivering Europe’s No.1 on-time performance, and an industry leading 34-year safety record. Ryanair is Europe’s greenest cleanest airline group and customers switching to fly Ryanair can reduce their CO₂ emissions by up to 50% compared to the other Big 4 EU major airlines.

We are looking for a Threat Hunter that will be involved in the Threat Hunting process in our security service delivery. As threat hunter you will be part of technical research for potential security compromise, analyse known and unknown threats, identify and review potential security incidents. Strong technical skills as well as good understanding of the cybersecurity topics and solutions are required.


  • Identify threats for Ryanair through threat hunting process. Actively hunting for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP) in the network and in the host as necessary.
  • Operate and improve detection mechanisms by implementing techniques to hunt for threats in our environment based on threat intelligence reports and knowledge of TTPs.
  • Assist initial investigations on potential incidents.
  • Leverage threat intelligence, keeping an up-to-date overview of the current threat landscape.
  • Write clear and concise Incident Reports and incident handling documentation, that can be used to improve the overall security posture.


  • Bachelor’s degree in IT or comparable work experience.
  • Four years as Threat Hunter work experience preferred. Having experience on both on-premise and cloud infrastructures (AWS, Azure).
  • Strong analytical skills. Used to think flexibly and determine alternatives to problems that could raise during an incident.
  • Experience with different large datasets analysis, security monitoring and endpoint security tools (i.e. ELK, Graylog, Splunk, Symantec, FireEye, AlienVault).
  • Able to identify what logs are necessary to examine for each kind of research.
  • Ability to analyse malware, extracting IOCs and creating signatures for IDS.
  • Ability to create ad-hoc scripts for supporting the threat hunting activity (i.e. Python, Go, Powershell) as well as a good understanding of regular expressions used to parse the data.
  • Forensic certifications are a plus.
  • Experience on red team activities is a plus.


  • Competitive Salary
  • Discounted air travel from day one
  • Permanent contract
  • Brand new offices in the city center of Madrid
  • Multicultural environment

About Ryanair

  • Travel

Ryanair company page is empty
Add a description and pictures to attract more candidates and boost your employer branding.

Other cybersecurity jobs that might interest you...