Senior Cyber Security Analyst

Leonardo UK
Gloucestershire, UK
Closing date
11 Feb 2021

View more

Technology & New Media
Contract Type

Job Details

We're looking for a Senior Cyber Security Event Analyst to join the ARCHANGEL? Protective Monitoring (ProMon) Team.

ARCHANGEL? delivers specialist technical cyber security services to a range of clients across a variety of industries including government, defence, homeland security, CNI and aerospace. The ARCHANGEL? ProMon Team sits within the Bristol Service Operations Centre and is responsible for providing thorough initial investigation into anomalous network activity that may lead to potential security incidents.

Beyond ARCHANGEL?, Leonardo and its Cyber Security division are a world leader in safety-through-technology, providing tailored solutions for customers in public administration, public safety and security, critical infrastructure, services, transport, post and logistics.

You will be joining our highly skilled team at our Bristol site. This is a great opportunity to bring your talents and form an integral part of Leonardo?s future. We can help you develop your skills and offer great opportunities to develop and grow, so why not join us!

How will we support you?

We offer fantastic opportunities for learning, development & professional growth. We want to support you & encourage you to fulfil your potential through:

Flex-leave schemes: We offer our employees the time & flexibility they need to enjoy a balanced life

Supportive relocation package: If you?re not local already, we can make arrangements to get help you move to the area.

Award-winning pension scheme: Our multi-award-winning pension scheme includes generous employer contribution

Annual leave: We offer 25 days holiday plus 8 bank holidays

Employee discount schemes: We offer you and your family an attractive range of discounts from retail and cinema to hotel bookings and vehicles benefits

Career break: Where appropriate, we support our employees in pursuing other interests outside the workplace

Salary sacrifice schemes including childcare voucher scheme: We encourage working parents to save money on childcare by offering them several advantageous facilities & vouchers

To find out about all of our Company benefits please visit:

(url removed)

We are looking for creative thinkers who have a passion for applying technology to solve real world problems and developing our next generation of world beating products and services

What you will do

Analyse network, application and system events in order to identify any potentially abnormal system behaviours and raise them as incidents for investigation

Perform and lead proactive analysis and threat hunting across client networks from knowledge of current threats and trends

Ensure all operational incidents, on-going tickets and relevant information is handled correctly in line with the Incident Handling processes

Ensure all tickets are quality checked before release to the customer

Produce operational reporting to support both customer and internal information exchanges and briefing and awareness requirements

Maintain a broad and current understanding of evolving threats and vulnerabilities to ensure the maintenance of the security of our client networks

Continually assess and maintain the SOC use cases and playbooks for the Archangel SOC to maintain excellence within the service

Act as a protective monitoring and SIEM SME during normal operations and as part of project teams looking to develop new solutions and capabilities

Provide continuous SME support, updates and recommended courses of action for on-going incidents raised within the SOC

Provide continuity to the service as part of the operations team.

Ensure sufficient staffing levels are available to meet the minimum staffing requirements of the shifts to maintain 24/7/365 operations, advising the Lead Analyst/Head of Service Operations of any shortfalls at the earliest opportunity.

Manage analyst training, user awareness, mandated security education as required or specified and promote additional professional furtherance amongst the ProMon team

Sustain and manage the direct line management, coaching and mentoring of ProMon Analysts

Maintain and update the training plans for all security event analysts

What we are looking for

We are looking for a motivated self-managed individual who is willing to help design and adapt a constantly evolving service; someone who can demonstrate above average analytical skills and liaise professionally with peers and customers even under pressure.


Experience in cyber security including protective monitoring and incident response, e.g. GIAC GMON, GCIA, GCIH or equivalent experience

SIEM (LogRhythm, Splunk, etc) and IDS (Snort) experience

Network and Host security experience

Threat intelligence

Threat Hunting

Excellent communications skills

Mentoring and coaching

Ability to gain SC Clearance


GIAC Certification

Knowledge of security appliances, e.g. FireEye, SourceFire, Bluecoat, etc.

IT Service Management Tool experience (Service Now, Footprints)

Report Writing

ITIL v3 Foundation in Service Management

The role will also involve

Ability to work independently and as part of a team

Ability to manage workload in pressurised environments; balancing time and quality constraints

Highly motivated, with the aptitude to learn new skills

Ability to manage small to medium sized projects and be part of larger project teams

Occasional travel may be required

May be required to cover the shift analysts in case of sickness or holiday

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert