We're looking for a Senior Cyber Security Event Analyst to join the ARCHANGEL Protective Monitoring (ProMon) Team.
ARCHANGEL delivers specialist technical cyber security services to a range of clients across a variety of industries including government, defence, homeland security, CNI and aerospace. The ARCHANGEL ProMon Team sits within the Bristol Service Operations Centre and is responsible for providing thorough initial investigation into anomalous network activity that may lead to potential security incidents.
Beyond ARCHANGEL, Leonardo and its Cyber Security division are a world leader in safety-through-technology, providing tailored solutions for customers in public administration, public safety and security, critical infrastructure, services, transport, post and logistics.
You will be joining our highly skilled team at our Bristol site. This is a great opportunity to bring your talents and form an integral part of Leonardo's future. We can help you develop your skills and offer great opportunities to develop and grow, so why not join us!
How will we support you?
We offer fantastic opportunities for learning, development & professional growth. We want to support you & encourage you to fulfil your potential through:
Flex-leave schemes: We offer our employees the time & flexibility they need to enjoy a balanced life
Supportive relocation package: If you're not local already, we can make arrangements to help you move to the area.
Award-winning pension scheme: Our multi-award-winning pension scheme includes generous employer contribution
Annual leave: We offer 25 days holiday plus 8 bank holidays
Employee discount schemes: We offer you and your family an attractive range of discounts from retail and cinema to hotel bookings and vehicle benefits
Career break: Where appropriate, we support our employees in pursuing other interests outside the workplace
Salary sacrifice schemes including childcare voucher scheme: We encourage working parents to save money on childcare by offering them several advantageous facilities & vouchers
To find out about all of our Company benefits please visit:
We are looking for creative thinkers who have a passion for applying technology to solve real-world problems and developing our next generation of world-beating products and services.
What you will do
Analyse network, application and system events in order to identify any potentially abnormal system behaviours and raise them as incidents for investigation
Perform and lead proactive analysis and threat hunting across client networks from knowledge of current threats and trends
Ensure all operational incidents, on-going tickets and relevant information are handled correctly in line with the Incident Handling processes
Ensure all tickets are quality checked before release to the customer
Produce operational reporting to support both customer and internal information exchanges and briefing and awareness requirements
Maintain a broad and current understanding of evolving threats and vulnerabilities to ensure the maintenance of the security of our client networks
Continually assess and maintain the SOC use cases and playbooks for the Archangel SOC to maintain excellence within the service
Act as a protective monitoring and SIEM SME during normal operations and as part of project teams looking to develop new solutions and capabilities
Provide continuous SME support, updates and recommended courses of action for on-going incidents raised within the SOC
Provide continuity to the service as part of the operations team.
Ensure sufficient staffing levels are available to meet the minimum staffing requirements of the shifts to maintain 24/7/365 operations, advising the Lead Analyst/Head of Service Operations of any shortfalls at the earliest opportunity.
Manage analyst training, user awareness, mandated security education as required or specified and promote additional professional furtherance amongst the ProMon team
Sustain and manage the direct line management, coaching and mentoring of ProMon Analysts
Maintain and update the training plans for all security event analysts
What we are looking for
We are looking for a motivated self-managed individual who is willing to help design and adapt a constantly evolving service; someone who can demonstrate above average analytical skills and liaise professionally with peers and customers even under pressure.
Experience in cyber security including protective monitoring and incident response, e.g. GIAC GMON, GCIA, GCIH or equivalent experience
SIEM (LogRhythm, Splunk, etc.) and IDS (Snort) experience
Network and Host security experience
Excellent communications skills
Mentoring and coaching
Ability to gain SC Clearance
Knowledge of security appliances, e.g. FireEye, SourceFire, Bluecoat, etc.
IT Service Management Tool experience (Service Now, Footprints)
ITIL v3 Foundation in Service Management
The role will also involve
Ability to work independently and as part of a team
Ability to manage workload in pressurised environments; balancing time and quality constraints
Highly motivated, with the aptitude to learn new skills
Ability to manage small to medium sized projects and be part of larger project teams
Occasional travel may be required
May be required to cover the shift analysts in case of sickness or holiday