Cyber Incident Response Engineer

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: Luxoft
Full Time position
Listed on 2026-02-28
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 GBP Yearly
Location: Greater London

Project description

Continuously monitor open-source intelligence (OSINT), dark web, and threat feeds for emerging threats relevant to JLR. Analyse TTPs (Tactics, Techniques, and Procedures) of threat actors with a focus on those targeting the automotive, manufacturing, and connected vehicle sectors. Provide real-time threat context and attribution during active incident investigations. Collaborate with CDOC, SOC and detection engineering teams to enrich alerts and improve detection capabilities.

Produce high-quality, actionable intelligence reports tailored for both technical and executive leadership. Maintain threat profiles, dashboards and intelligence repositories to support strategic decision making. Engage with industry peers, ISACs, and government bodies to share and receive threat intelligence. Support JLR's participation in national and international cyber resilience initiatives. Leverage and maintain threat intelligence platforms such as MISP and OpenCTI, and integrate them with security tooling.

Develop scripts and automation to streamline intelligence collection, enrichment and dissemination.

Skills

Must have
  • Proven experience in a CTI, SOC, threat hunting, or cyber investigations role.
  • Strong understanding of MITRE ATT&CK, NIST CSF, cyber kill chain, and threat modeling methodologies.
  • Hands‑on experience with threat intelligence platforms, SIEMs, and data enrichment tools.
  • Deep knowledge of IT infrastructure, with working familiarity in OT and IoT environments, including ICS/SCADA systems and connected devices.
  • Strong analytical and investigative mindset with the ability to connect disparate data points into meaningful intelligence.
  • Excellent communication and presentation skills, capable of translating complex threats into business‑relevant insights.
  • SANS/GIAC, CompTIA CySA+, or similar certifications.
  • Experience in automotive or manufacturing environments.
  • Knowledge of geopolitical and supply chain risks affecting cyber posture.

Nice to have

• SANS/GIAC, CompTIA CySA+, or similar certifications.
• Experience in automotive or manufacturing environments.
• Knowledge of geopolitical and supply chain risks affecting cyber posture.
