Specialist, Cyber Threat Intelligence
Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.
The Specialist, Cyber Threat Intelligence is responsible for proactively identifying, analyzing, and disrupting cyber threats targeting the organization. This role blends strategic and tactical threat intelligence with hands-on threat hunting, enabling early detection of advanced adversaries, emerging attack techniques, and targeted campaigns.
Responsibilities:
- Collect, analyze, validate, and contextualize cyber threat intelligence from multiple sources including OSINT, dark web forums, commercial feeds, ISACs, industry partners, and internal telemetry to identify emerging threats, adversary TTPs, and sector-specific risks
- Drive and continuously mature the strategy, governance, and operational execution of the Cyber Threat Intelligence (CTI) program, establishing a formal intelligence lifecycle that ensures actionable intelligence is effectively collected, enriched, analyzed, disseminated, and operationalized within security functions
- Track, profile, and conduct deep analysis of threat actors targeting the organization’s industry, technology stack, and supply chain, including long-term campaign tracking, infrastructure reuse, malware evolution, and adversary behavior patterns
- Conduct intelligence-led and hypothesis-driven threat hunting across enterprise systems to identify stealthy, advanced, or previously undetected adversary activity
- Support and participate in incident response, forensic analysis, and post-incident investigations, providing adversary attribution assessments, likely next-step analysis, and intelligence-based scope expansion
- Serve as a bridge between fraud prevention, SOC, and intelligence teams to ensure comprehensive coverage of threats. Facilitate information sharing and collaboration to strengthen the organization’s overall security posture
- Create detailed technical reports, threat advisories, and early warning alerts on emerging threats and incidents for technical and non-technical stakeholders
Qualifications
- A relevant University degree/technical certification, and/or relevant experience commensurate to the role
- 5+ years of hands-on professional experience in Cyber Threat Intelligence and Threat Hunting within large enterprise or critical infrastructure environments
- Deep, applied understanding of adversary tradecraft, including intrusion kill chains, MITRE ATT&CK, Diamond Model, malware families, exploitation techniques, persistence mechanisms, and threats targeting aviation and critical infrastructure sectors
- Demonstrated experience conducting intelligence-led and hypothesis-driven threat hunts
- Strong hands-on experience with threat intelligence platforms (TIPs), including IOC ingestion, enrichment, scoring, aging, and operational deployment
- Proven ability to perform malware and campaign analysis, correlating samples, infrastructure, C2 patterns, payload behavior, delivery mechanisms, and underground chatter into cohesive adversary assessments
- Experience with dark web monitoring, closed forums, leak sites
- Advanced log analysis and data correlation skills to identify low-signal, stealthy, or novel adversary activity
- Hands-on experience developing automation pipelines, scripts, or tooling (Python, PowerShell, APIs, SOAR, etc.) to support intelligence collection, normalization, enrichment, and dissemination
- Experience with query languages and analytics (KQL, SPL, SQL, etc.) to support threat hunting, detections, and investigations
- Experience building custom intelligence and threat dashboards (Splunk, Kibana, Grafana, Power BI) to track adversary campaigns, infrastructure, trends, and risk indicators
- Ability to translate raw intelligence into actionable detections
- Proven capability to work independently on complex investigations, prioritize competing intelligence requirements
- Relevant security certifications preferred (e.g., GCTI, GIAC), or equivalent demonstrated expertise through operational experience
- Adaptability and Flexibility - The ability to keep functioning effectively when under pressure and/or experiencing rapidly changing or uncertain conditions, and to maintain self-control in the face of hostility or provocation. Openness to different and new ways of doing things; willingness to modify one’s preferred way of doing things
- Accountability and Credibility - Takes responsibility for the results and future direction of the organization. Demonstrated concern that one be perceived as responsible, reliable, and trustworthy
- Customer Orientation - Demonstrated concern for satisfying one’s external and/or internal customers
- Results Orientation - Focusing on the desired end result of one’s own or one’s unit's work; setting challenging goals, focusing effort on the goals, and meeting or exceeding them
- Forward Thinking - Anticipating the implications and consequences of situations and taking appropriate action to be prepared for possible contingencies
- Fostering Teamwork - As a team member, the ability and desire to work cooperatively with others on a team. As a team leader, interest, skill, and success in getting groups to learn to work together cooperatively
- Analytical Thinking - Approaching a problem by using a logical, systematic, sequential approach
- Interpersonal Effectiveness - The ability to notice, interpret, and anticipate others’ concerns and feelings, and to communicate this awareness empathetically to others
- Demonstrate punctuality and dependability to support overall team success in a fast-paced environment.
Conditions of Employment:
Candidates must be eligible to work in the country of interest at the time any offer of employment is made. Seeking any required work permits, visas or other authorizations is the sole responsibility of the candidates applying for this position.
Linguistic Requirements
Based on equal qualifications, preference will be given to bilingual candidates.
Diversity and Inclusion
Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers and of the communities in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.