21 hours ago

Specialist, Cyber Threat Intelligence

Air Canada

On Site
Full Time
CA$130,000
Toronto, ON

Job Overview

Job Title: Specialist, Cyber Threat Intelligence
Job Type: Full Time
Offered Salary: CA$130,000
Location: Toronto, ON


Job Description

Specialist, Cyber Threat Intelligence at Air Canada

Being part of Air Canada means joining an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.

The Specialist, Cyber Threat Intelligence is responsible for proactively identifying, analyzing, and disrupting cyber threats targeting the organization. This role blends strategic and tactical threat intelligence with hands-on threat hunting, enabling early detection of advanced adversaries, emerging attack techniques, and targeted campaigns.

Responsibilities

  • Collect, analyze, validate, and contextualize cyber threat intelligence from multiple sources including OSINT, dark web forums, commercial feeds, ISACs, industry partners, and internal telemetry to identify emerging threats, adversary TTPs, and sector-specific risks.
  • Drive and continuously mature the strategy, governance, and operational execution of the Cyber Threat Intelligence program, establishing a formal intelligence lifecycle that ensures actionable intelligence is effectively collected, enriched, analyzed, disseminated, and operationalized within security functions.
  • Track, profile, and conduct deep analysis of threat actors targeting the organization’s industry, technology stack, and supply chain, including long-term campaign tracking, infrastructure reuse, malware evolution, and adversary behavior patterns.
  • Conduct intelligence-led and hypothesis-driven threat hunting across enterprise systems to identify stealthy, advanced, or previously undetected adversary activity.
  • Support and participate in incident response, forensic analysis, and post-incident investigations, providing adversary attribution assessments, likely next-step analysis, and intelligence-based scope expansion.
  • Serve as a bridge between fraud prevention, SOC, and intelligence teams to ensure comprehensive coverage of threats. Facilitate information sharing and collaboration to strengthen the organization’s overall security posture.
  • Create detailed technical reports, threat advisories, and early warning alerts on emerging threats and incidents for technical and non-technical stakeholders.

Qualifications

Candidates for the Specialist, Cyber Threat Intelligence role should possess a relevant University degree/technical certification, and/or relevant experience commensurate to the role, demonstrating a strong foundation in cybersecurity.

  • 5+ years of hands-on professional experience in Cyber Threat Intelligence and Threat Hunting within large enterprise or critical infrastructure environments.
  • Deep, applied understanding of adversary tradecraft, including intrusion kill chains, MITRE ATT&CK, Diamond Model, malware families, exploitation techniques, persistence mechanisms, and threats targeting aviation and critical infrastructure sectors.
  • Demonstrated experience conducting intelligence-led and hypothesis-driven threat hunts.
  • Strong hands-on experience with threat intelligence platforms (TIPs), including IOC ingestion, enrichment, scoring, aging, and operational deployment.
  • Proven ability to perform malware and campaign analysis, correlating samples, infrastructure, C2 patterns, payload behavior, delivery mechanisms, and underground chatter into cohesive adversary assessments.
  • Experience with dark web monitoring, closed forums, and leak sites.
  • Advanced log analysis and data correlation skills to identify low-signal, stealthy, or novel adversary activity.
  • Hands-on experience developing automation pipelines, scripts, or tooling (Python, PowerShell, APIs, SOAR, etc.) to support intelligence collection, normalization, enrichment, and dissemination.
  • Experience with query languages and analytics (KQL, SPL, SQL, etc.) to support threat hunting, detections, and investigations.
  • Experience building custom intelligence and threat dashboards (Splunk, Kibana, Grafana, Power BI) to track adversary campaigns, infrastructure, trends, and risk indicators.
  • Ability to translate raw intelligence into actionable detections.
  • Proven capability to work independently on complex investigations and prioritize competing intelligence requirements.
  • Relevant security certifications preferred (e.g., GCTI, GIAC), or equivalent demonstrated expertise through operational experience.

Beyond technical skills, the ideal candidate will exhibit several key competencies:

  • Adaptability and Flexibility: The ability to function effectively under pressure and in rapidly changing conditions, and to maintain self-control in challenging situations. Openness to new ways of doing things.
  • Accountability and Credibility: Takes responsibility for results and future direction, demonstrating reliability and trustworthiness.
  • Customer Orientation: A demonstrated concern for satisfying external and/or internal customers.
  • Results Orientation: Focusing on desired outcomes, setting challenging goals, and consistently meeting or exceeding them.
  • Forward Thinking: Anticipating implications and consequences, taking proactive action for contingencies.
  • Fostering Teamwork: A strong desire and ability to work cooperatively with others on a team.
  • Analytical Thinking: Approaching problems using a logical, systematic, and sequential method.
  • Interpersonal Effectiveness: The ability to notice, interpret, and anticipate others’ concerns and feelings, communicating this awareness empathetically.
  • Demonstrate punctuality and dependability to support overall team success in a fast-paced environment.

Conditions Of Employment

Candidates must be eligible to work in the country of interest at the time any offer of employment is made. Seeking any required work permits/visas or other authorizations is the sole responsibility of the candidates applying for this position.

Linguistic Requirements

Based on equal qualifications, preference will be given to bilingual candidates.

Diversity and Inclusion

Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible, and rewarding work environment which highlights employees’ unique contributions to our company’s success. As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.

Air Canada thanks all candidates for their interest; however, only those selected to continue in the process will be contacted.

Key skills/competency

  • Cyber Threat Intelligence
  • Threat Hunting
  • Adversary Tradecraft
  • MITRE ATT&CK
  • Threat Intelligence Platforms (TIPs)
  • Malware Analysis
  • Dark Web Monitoring
  • Log Analysis
  • Automation (Python, PowerShell)
  • Query Languages (KQL, SPL, SQL)

Tags:

Cyber Threat Intelligence Specialist
cyber security
threat intelligence
threat hunting
incident response
adversary analysis
security operations
risk management
dark web monitoring
malware analysis
forensic analysis
OSINT
MITRE ATT&CK
Diamond Model
TIPs
Python
PowerShell
APIs
SOAR
KQL
SPL
SQL
Splunk
Kibana
Grafana
Power BI


How to Get Hired at Air Canada

  • Tailor your resume for Air Canada: Optimize your application with keywords like 'Cyber Threat Intelligence Specialist', 'MITRE ATT&CK', and 'threat hunting' to align with Air Canada's hiring patterns.
  • Research Air Canada's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor to understand their commitment to aviation security and innovation.
  • Highlight CTI and threat hunting expertise: Showcase your proven experience in adversary tradecraft, TIPs, malware analysis, and intelligence-led threat hunting relevant to critical infrastructure environments.
  • Prepare for technical assessments: Be ready to discuss your hands-on experience with automation (Python, PowerShell), query languages (KQL, SPL, SQL), and building threat dashboards (Splunk, Kibana).
  • Demonstrate critical soft skills: Emphasize your adaptability, analytical thinking, teamwork, and strong communication abilities, crucial for a fast-paced cyber security role at Air Canada.
