Senior Cyber Security Analyst

• Flexible working: We offer our employees the time and flexibility they need to enjoy a balanced life through flexible hours and part time options.

• Custom working: The role may be a mixture of home-based and onsite.

• Flexible benefits: Our company-funded approach to flexible benefits allows employees to make choices appropriate for them. Each employee has access to a wide choice of lifestyle, health, and wellbeing options best suited to their individual lifestyle goals.

• Network groups: To demonstrate our ongoing commitment to diversity & inclusion we have network groups for:

• Carers (employees caring for families or friends)

• Enable (supporting people with disabilities)

• Equalise (development of a gender balanced workforce)

• Pride (promoting equality for all LGBTQ+ individuals)

• We also work in partnership with AFBE (Association for Black and Minority Ethnic Engineers).

• Training: Free access to professional learning platforms that provide more than 4,000 online courses. We also offer our team GOLD standard professional certification training such as SANS. You will be supported in your ongoing professional development though training and mentoring.

• Investors in People: We are proud recipients of the Investors in People Gold Award.

• Employee Assistance Programme: Providing free and confidential mental health support.

• Annual leave: We offer 25 days holiday, plus 8 bank holidays and twelve flexi days.

To find out about all of our Company benefits please visit: https://uk.leonardocompany.com/en/people-careers/life-at-leonardo/company-benefits

What you will do

• Analyse network, application, and system events to identify any potentially abnormal system behaviours and raise them as incidents for investigation.

• Perform and lead proactive analysis and threat hunting across client networks from knowledge of current threats and trends.

• Ensure all operational incidents, on-going tickets and relevant information is handled correctly in line with the Incident Handling processes.

• Ensure all tickets are quality checked before release to the customer.

• Produce operational reporting to support both customer and internal information exchanges and briefing and awareness requirements.

• Maintain a broad and current understanding of evolving threats and vulnerabilities to ensure the maintenance of the security of our client networks.

• Continually assess and maintain the SOC use cases and playbooks for the Archangel SOC to maintain excellence within the service.

• Act as a protective monitoring and SIEM SME during normal operations and as part of project teams looking to develop new solutions and capabilities.

• Provide continuous SME support, updates, and recommended courses of action for on-going incidents raised within the SOC.

• Provide continuity to the service as part of the operations team.

• Ensure sufficient staffing levels are available to meet the minimum staffing requirements of the shifts to maintain 24/7/365 operations, advising the SOC Security Operations Manager of any shortfalls at the earliest opportunity.

• Support analyst training, user awareness, mandated security education as required or specified and promote additional professional furtherance amongst the Protective Monitoring team.

• Sustain and manage the coaching and mentoring of Protective Monitoring Analysts

• Update the SOC Security Operations Manager with requirements for training plans for all Protective Monitoring Analysts.

You must be eligible for Security Clearance. For more information and guidance, please visit: https://www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levels.

We are looking for a motivated self-managed individual who is willing to help design and adapt a constantly evolving service; someone who can demonstrate above average analytical skills and liaise professionally with peers and customers even under pressure.

Essential

• Experience in cyber security including protective monitoring and incident response, e.g. GIAC GMON, GCIA, GCIH or equivalent experience.

• SIEM (LogRhythm, Splunk, etc) and IDS (Snort) experience

• Network and Host security experience.

• Threat intelligence

• Threat Hunting

• Excellent communications skills

• Mentoring and coaching

• Ability to gain SC Clearance

Desirable

• SANS SEC 503 Intrusion Detection in Depth or equivalent

• SANS SEC 504 Incident Handling, Hacker Tools, and Techniques or equivalent

• SANS SEC 508 Advanced Incident Response, Threat Hunting, and Digital Forensics or equivalent

• SANS SEC 511 Continuous Monitoring and Security Operations or equivalent

We are relentless about inclusion. We understand an inclusive environment is one that welcomes everyone as they are. We see diversity as a strength. We still have some way to go to achieving diverse teams across our whole business. We would like you to be part of our journey to creating that better balance and welcome applications from all individuals from all walks of life as we build a stronger company together.