About this job

We’re looking for a Cyber Security Analyst to join the ARCHANGEL™ Protective Monitoring (ProMon) Team. ARCHANGEL™ delivers specialist technical cyber security services to a range of clients across a variety of industries including construction, government, defence and aerospace.

The ARCHANGEL™ ProMon Team sits within the Bristol Security Operations Centre (SOC) and is responsible for providing thorough initial investigation into anomalous network activity that may lead to potential security incidents.

Beyond ARCHANGEL™, Leonardo and its Cyber Security division are a world leader in safety-through-technology, providing tailored solutions for customers in public administration, public safety and security, critical infrastructure, services, transport, post and logistics.

You will be joining our highly skilled team at our Bristol site. This is a great opportunity to bring your talents and form an integral part of Leonardo’s future. We can help you develop your skills and offer great opportunities to develop and grow, so why not join us!

At Leonardo, we believe that our employees work best when they are able to achieve balance between work and other aspects of life and so that you can enjoy the great city of Bristol! That’s why we are committed to designing policies and developing a working environment that promote the benefits and well-being of all our employees.

We want to support you and encourage you to fulfil your potential through:

• Learning & Development: We help assess your development needs in line with the role you wish to perform, and allow you to further develop your knowledge.
• Award-winning pension scheme: Our multi-award-winning pension scheme includes generous employer contribution.
• Reserve Forces: We provide positive support to the Reserve Forces and allow employees who are Reservists to take additional time off.
• Generous relocation package: We offer an excellent package to ease the move for people relocating for work.
• Maternity, Paternity, parental, adoption and dependent leave: We care to ensure that we consider every aspect of your needs. All these policies are covered as part of our Work-Life Balance Policy.
• Salary sacrifice schemes including childcare voucher scheme: We encourage working parents to save money on childcare by offering them several advantageous facilities and vouchers.
• Career break: Where appropriate, we support our employees in pursuing other interests outside the workplace.

Responsibilities

So let’s get down to what you will do!

• Provide monitoring, alerting and incident handling services within the SOC in line with SLAs and within the 24/7/365 shift pattern.
• Act as the initial analytical reference point for identifying and then quantifying the nature and extent of security incident and offer initial professional advice relating to possible business impact in order to reduce both the Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
• Advise on incident containment measures through recommended initial actions to customers in collaboration with the Incident Response (IR) Team.
• Provide advice relating to potential mitigation measures in order to prevent, or limit future reoccurrence in collaboration with the Incident Response (IR) Team.
• Have an understanding of Incident Response, Cyber Kill Chain, Threat Modelling and pertinent Attack Vectors.
• Have a collaborative working ethos in order to work across the team in order to create pertinent Playbooks, Use Cases, etc.
• Perform proactive analysis across client networks by staying abreast of current threats and trends.
• Develop and maintain a credible knowledge of current and emerging threats likely to affect the Integrity of the managed service you are protecting.
• Review reoccurring false positive firings and assist in the tuning of SIEM and IDS rules to reduce false positives and maintain good security alerting.
• Ensure all operational incidents, on-going tickets and relevant information is handed over to the oncoming shift in an effective and efficient manner, using the shift handover process and documentation (HOTO).
• When required assist in the creation of reporting for management and clients on security incidents and threat intelligence trends.

Profile

Be able to excellently communicate at all levels, working with customers is a must, so we need you to be able to let them know what’s going on

• Experience in Cyber Security, e.g. Protective Monitoring, Incident Response, Security Engineering
• SIEM (LogRhythm, Arcsight, Splunk, etc) & IDS (Snort) experience
• Have a sound knowledge of IT security best practice, common attack types & detection / prevention methods
• Demonstrate experience of analysing & interpreting system, security & application logs in order to diagnose faults & spot abnormal behaviours
• Have great organisational skills & attention to detail
• Due to the nature of the tasks involved, you must be capable of achieving full SC security clearance
• Ability to work independently & as part of a team
• Highly motivated, with the aptitude to learn new skills
• Ability to work within a shift pattern covering 24/7/365 operations
• Occasional travel may be required
• Potential to provide temporary cover to NCIRC as required (travel to Mons may be required)

These additional skills will also help:

• SANS SEC 503 Intrusion Detection in Depth or equivalent
• SANS SEC 504 Incident Handling, Hacker Tools and Techniques or equivalent
• SANS SEC 511 Continuous Monitoring and Security Operations or equivalent
• Exposure to IT service management best practices such as ITIL
• Knowledge of standards & guidelines such as ISO27001,GDPR principles and GPG-13.
• Threat Intelligence experience
• Report Writing