Senior Cyber Security Analyst

at  Leonardo UK Ltd

THE OPPORTUNITY

At Leonardo, we have a fantastic new opportunity for a Senior Cyber Security Analyst. Leonardo is a global high-tech company and one of the key players in Aerospace, Defence and Security. Headquartered in Italy, Leonardo has over 45,000 employees, of which 7,000 are based in the UK.
We are looking for a Senior Cyber Security Event Analyst to join the ARCHANGEL™ Protective Monitoring (ProMon) Team. ARCHANGEL™ delivers specialist technical cyber security services to a range of clients across a variety of industries including government, defence, homeland security, CNI and aerospace. The ARCHANGEL™ ProMon Team sits within the Bristol Security Operations Centre (SOC) and is responsible for providing thorough initial investigation into anomalous network activity that may lead to potential security incidents.
Beyond ARCHANGEL™, Leonardo and its Cyber Security division are a world leader in safety-through-technology, providing tailored solutions for customers in public administration, public safety and security, critical infrastructure, services, transport, post, and logistics.
You will be joining our highly skilled team at our Bristol site. This is a great opportunity to bring your talents and form an integral part of Leonardo’s future. We can help you develop your skills and offer great opportunities to develop and grow, so why not join us!

WHAT WE ARE LOOKING FOR

You must be eligible for Security Clearance. For more information and guidance, please visit: https://www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levels.
We are looking for a motivated self-managed individual who is willing to help design and adapt a constantly evolving service; someone who can demonstrate above average analytical skills and liaise professionally with peers and customers even under pressure.

Essential

• Experience in cyber security including protective monitoring and incident response, e.g. GIAC GMON, GCIA, GCIH or equivalent experience.
• SIEM (LogRhythm, Splunk, etc) and IDS (Snort) experience
• Network and Host security experience.
• Threat intelligence
• Threat Hunting
• Excellent communications skills
• Mentoring and coaching
• Ability to gain SC Clearance

Desirable

• SANS SEC 503 Intrusion Detection in Depth or equivalent
• SANS SEC 504 Incident Handling, Hacker Tools, and Techniques or equivalent
• SANS SEC 508 Advanced Incident Response, Threat Hunting, and Digital Forensics or equivalent
• SANS SEC 511 Continuous Monitoring and Security Operations or equivalent

We are relentless about inclusion. We understand an inclusive environment is one that welcomes everyone as they are. We see diversity as a strength. We still have some way to go to achieving diverse teams across our whole business. We would like you to be part of our journey to creating that better balance and welcome applications from all individuals from all walks of life as we build a stronger company together.
Primary Location:
GB - Bristol - Coldharbour Lane

• Analyse network, application, and system events to identify any potentially abnormal system behaviours and raise them as incidents for investigation.
• Perform and lead proactive analysis and threat hunting across client networks from knowledge of current threats and trends.
• Ensure all operational incidents, on-going tickets and relevant information is handled correctly in line with the Incident Handling processes.
• Ensure all tickets are quality checked before release to the customer.
• Produce operational reporting to support both customer and internal information exchanges and briefing and awareness requirements.
• Maintain a broad and current understanding of evolving threats and vulnerabilities to ensure the maintenance of the security of our client networks.
• Continually assess and maintain the SOC use cases and playbooks for the Archangel SOC to maintain excellence within the service.
• Act as a protective monitoring and SIEM SME during normal operations and as part of project teams looking to develop new solutions and capabilities.
• Provide continuous SME support, updates, and recommended courses of action for on-going incidents raised within the SOC.
• Provide continuity to the service as part of the operations team.
• Ensure sufficient staffing levels are available to meet the minimum staffing requirements of the shifts to maintain 24/7/365 operations, advising the SOC Security Operations Manager of any shortfalls at the earliest opportunity.
• Support analyst training, user awareness, mandated security education as required or specified and promote additional professional furtherance amongst the Protective Monitoring team.
• Sustain and manage the coaching and mentoring of Protective Monitoring Analysts
• Update the SOC Security Operations Manager with requirements for training plans for all Protective Monitoring Analysts.