Overview
WELCOME TO SITA
At SITA, we keep airports moving, airlines flying smoothly, and borders open. Our technology and communication innovations power the success of the global air travel industry.
You’ll find us in 95% of international airports, working closely with over 2,500 transportation and government clients. Each partnership brings unique challenges, and we thrive on delivering fresh solutions and cutting-edge tech to keep operations running like clockwork. We don’t just move the world forward, we’re proud to be recognized as a Great Place to Work® by our employees and certified in most of our growing locations. Here, we feel empowered, supported, and inspired to grow.
Are you ready to love your job? The adventure begins right here, with you, at SITA.
PURPOSE
As the Digital Forensics & Incident Response Lead, you will take full ownership of high-severity investigations—rapidly detecting, containing, and neutralizing threats—while driving digital forensics and proactive threat hunting initiatives. You will act as Incident Commander and serve as the primary technical escalation point for complex cases.
You will join SITA’s STORM (Security Threat & Operational Risk Management) organization, collaborating closely with SOC, CTI, Cloud/Platform, Product, and customer-facing teams to enhance detection and response capabilities across SITA, our clients, and the broader air-transport ecosystem.
ABOUT THE ROLE & TEAM
As the Digital Forensics & Incident Response Lead, you will take full ownership of high-severity investigations—rapidly detecting, containing, and neutralizing threats—while driving digital forensics and proactive threat hunting initiatives. You will act as Incident Commander and serve as the primary technical escalation point for complex cases.
You will join SITA’s STORM (Security Threat & Operational Risk Management) organization, collaborating closely with SOC, CTI, Cloud/Platform, Product, and customer-facing teams to enhance detection and response capabilities across SITA, our clients, and the broader air-transport ecosystem.
WHAT YOU WILL DO
Incident Response & Coordination
Lead high/critical incident response: containment, eradication, recovery, and post-incident hardening.
Act as Incident Commander, coordinating SOC, CTI, IT, cloud, product, and business teams.
Produce reports, executive readouts, and track lessons learned.
Update playbooks, detections, and response patterns based on evolving threats.
Digital Forensics & Evidence Handling
Perform forensically sound acquisition and analysis across endpoints, servers, cloud, network, and SaaS.
Maintain chain-of-custody and document to industry standards.
Reconstruct attacker activity and map to MITRE ATT&CK.
Threat Hunting & Detection Engineering
Conduct hypothesis-driven hunts across EDR, SIEM, cloud, and network telemetry.
Convert findings into high-fidelity detections, analytics, and SOAR automations.
Validate and tune rules to reduce false positives and improve coverage.
Triage, Monitoring & QA
Oversee L1/L2 triage quality, severity calibration, and playbook execution.
Refine thresholds, use cases, runbooks, dashboards, and KPIs.
Tooling, Automation & Telemetry
Develop scripts and tools to accelerate evidence collection and response.
Partner with platform owners to improve logging, telemetry, and retention at scale.
Qualifications
ABOUT YOUR SKILLS
Proven experience leading incident response and digital forensics in hybrid environments.
Hands-on with EDR (CrowdStrike), SIEM (Splunk, Sentinel, Elastic), and SOAR.
Scripting for DFIR/automation (Python/PowerShell); familiarity with KQL.
Deep knowledge of attacker tradecraft and MITRE ATT&CK.
Excellent communication skills to brief executives and guide teams.
Nice-to-Have:
Certifications: GCFA, GNFA, GCIH, GREM, OSCP, CISSP.
Cloud DFIR (Azure/AWS/GCP) and identity-centric investigations (Entra ID/Okta).
Exposure to OT/airport systems in air-transport environments.
WHAT WE OFFER
We’re all about diversity. We operate in 200 countries and speak 60 different languages and cultures. We’re really proud of our inclusive environment. Our offices are comfortable and fun places to work, and we make sure you get to work from home too. Find out what it's like to join our team and take a step closer to your best life ever.
🏡 Flex Week: Work from home up to 2 days/week (depending on your team’s needs)
⏰ Flex Day: Make your workday suit your life and plans. (Depending on the stakeholders and BISO Directors needs)
🌎 Flex Location: Take up to 30 days a year to work from any location in the world.
🌿Employee Wellbeing: We’ve got you covered with our Employee Assistance Program (EAP), for you and your dependents 24/7, 365 days/year. We also offer Champion Health – a personalized platform that supports a range of wellbeing needs.
🚀Professional Development: Level up your skills with our training platforms, including LinkedIn Learning!
🙌🏽 Competitive Benefits: Competitive benefits that make sense with both your local market and employment status.
SITA is an Equal Opportunity Employer. We value a diverse workforce. In support of our Employment Equity Program, we encourage women, aboriginal people, members of visible minorities, and/or persons with disabilities to apply and self-identify in the application process.
