Principal Cyber Security Analyst

at  Leonardo UK Ltd

THE OPPORTUNITY

At Leonardo, we have a fantastic new opportunity for a Principal Cyber Security Analyst. Leonardo is a global high-tech company and one of the key players in Aerospace, Defence and Security. Headquartered in Italy, Leonardo has over 45,000 employees, of which 7,000 are based in the UK.
We are looking for a Principal Cyber Security Analyst to join the ARCHANGEL™ Protective Monitoring (ProMon) Team at our Yeovil site.
ARCHANGEL™ delivers specialist technical cyber security services to a range of clients across a variety of industries including government, defence, homeland security, CNI and aerospace. The ARCHANGEL™ ProMon Team sits within the Bristol and Yeovil Service Operations Centre and is responsible for providing thorough initial investigation into anomalous network activity that may lead to potential security incidents.
Beyond ARCHANGEL™, Leonardo and its Cyber Security division are a world leader in safety-through-technology, providing tailored solutions for customers in public administration, public safety and security, critical infrastructure, services, transport, post, and logistics.
You will be joining our highly skilled team at our Yeovil site. This is a great opportunity to bring your talents and form an integral part of Leonardo’s future. We can help you develop your skills and offer great opportunities to develop and grow, so why not join us!

WHAT WE ARE LOOKING FOR

You must be eligible for DV Clearance. For more information and guidance, please visit: https://www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levels.
We are looking for a motivated self-managed individual who is willing to help design and adapt a constantly evolving service; someone who can demonstrate above average analytical skills and liaise professionally with peers and customers even under pressure.

Essential

• Experience in cyber security including protective monitoring and incident response, e.g. GIAC GMON, GCIA, GCIH or equivalent experience.
• SIEM (LogRhythm, Splunk, etc) and IDS (Snort) experience.
• Network and Host security experience.
• Threat intelligence.
• Threat Hunting.
• Excellent communications skills.
• Mentoring and coaching.
• Ability to gain DV Clearance.

Desirable Qualifications

• SANS SEC 503 Intrusion Detection in Depth or equivalent.
• SANS SEC 504 Incident Handling, Hacker Tools and Techniques or equivalent.
• SANS SEC 508 Advanced Incident Response, Threat Hunting, and Digital Forensics or equivalent.
• SANS SEC 511 Continuous Monitoring and Security Operations or equivalent.

• Team Management: Provide direct line management, lead, and develop the SOC operations team, developing and supporting a positive culture and ensuring continuous skill development.
• Mentorship and Development: Mentor and develop junior analysts, developing and supporting a culture of continuous learning and innovation.
• Technical Leadership: Serve as the leading technical expert, ensuring efficient monitoring, detection, and response to security threats.
• Innovation and Continuous Improvement: Drive continuous improvement initiatives, staying at the forefront of cybersecurity practices.
• Tool and Technology Optimisation: Oversee the optimisation of critical security tools, ensuring they support proactive security postures.
• Incident Management and Response: Lead and support incident response efforts, providing expertise and guidance.
• Insider Threat Management: Manage and investigate Insider Threat cases upon request.
• Threat Hunting Leadership: Lead threat hunting teams during scheduled hunts, ensuring comprehensive threat detection.
• External Collaboration: Work with external partners to enhance the SOC’s defensive posture and ensure compliance with standards.
• Customer Network Oversight: Be the technical expert for assigned customer networks, ensuring their security.
• Customer Engagement and Reporting: Report weekly metrics and attend customer service reviews to provide technical insights.
• Cross-Functional Teamwork: Promote collaboration with other departments to address security challenges with integrated solutions.