Leonardo Bristol, England, United Kingdom
We are looking for a Cyber Security Analyst to join the ARCHANGEL™ Protective Monitoring (ProMon) Team. ARCHANGEL™ delivers specialist technical cyber security services to a range of clients across construction, government, defence and aerospace.
Role Summary
The ProMon Team sits within the Bristol Service Operations Centre (SOC) and is responsible for providing thorough initial investigation into anomalous network activity that may lead to potential security incidents.
Responsibilities
* Provide monitoring, alerting and incident handling services within the SOC in line with SLAs and within the 24/7/365 shift pattern.
* Act as the initial analytical reference point for identifying and quantifying the nature and extent of a security incident and offering initial professional advice relating to potential business impact to reduce MTTD and MTTR.
* Advise on incident containment measures through recommended initial actions to customers in collaboration with the Incident Response (IR) Team.
* Provide advice on potential mitigation measures to prevent or limit future reoccurrence in collaboration with the IR Team.
* Understand Incident Response, the Cyber Kill Chain, Threat Modelling and pertinent Attack Vectors.
* Work collaboratively across the team to create pertinent Playbooks, Use Cases, etc.
* Perform proactive analysis across client networks by staying abreast of current threats and trends.
* Develop and maintain a credible knowledge of current and emerging threats likely to affect the integrity of the managed service you are protecting.
* Review recurring false‑positive firings and assist in tuning SIEM and IDS rules to reduce false positives and maintain good alerting.
* Ensure all operational incidents, ongoing tickets and relevant information are handed over to the oncoming shift in an effective and efficient manner, using the shift handover process and documentation (HOTO).
* When required, assist in the creation of reporting for management and clients on security incidents and threat intelligence trends.
Qualifications
* Excellent communication skills at all levels; must be able to explain what is going on to customers.
* Experience in Cyber Security (Protective Monitoring, Incident Response, Security Engineering).
* Experience with SIEM (LogRhythm, Arcsight, Splunk, etc.) and IDS (Snort).
* Sound knowledge of IT security best practice, common attack types and detection/prevention methods.
* Proven experience analysing and interpreting system, security and application logs to diagnose faults and spot abnormal behaviours.
* Great organisational skills and attention to detail.
* Ability to work independently and as part of a team.
* Highly motivated with an aptitude to learn new skills.
* Ability to work within a Hybrid Remote Working shift pattern covering 24/7/365 operations.
* Occasional travel may be required.
Additional Skills
* SANS SEC 503 Intrusion Detection in Depth or equivalent.
* SANS SEC 504 Incident Handling, Hacker Tools and Techniques or equivalent.
* SANS SEC 508 Advanced Incident Response, Threat Hunting, and Digital Forensics or equivalent.
* SANS SEC 511 Continuous Monitoring and Security Operations or equivalent.
* Exposure to IT service management best practices such as ITIL.
* Knowledge of standards & guidelines such as ISO27001, GDPR principles and GPG-13.
* Threat Intelligence experience.
* Report writing.
Security Clearance
This role requires pre‑employment screening in line with the UK Government’s Baseline Personnel Security Standard (BPSS). Applicants must be able to obtain a Security Certificate (SC) clearance at a minimum. National Security Vetting (NSV) may also apply.
Benefits
* Time to Recharge – generous leave with up to 12 flexi‑days each year.
* Secure your Future – award‑winning pension scheme with up to 15% employer contribution.
* Your Wellbeing Matters – free access to mental health support, financial advice and employee‑led networks championing inclusion and diversity.
* Rewarding Performance – bonus scheme for employees at management level and below.
* Never Stop Learning – free access to 4,000+ online courses via Coursera and LinkedIn Learning.
* Refer a friend – financial reward through our referral programme.
* Tailored Perks – spend up to £500 annually on flexible benefits including private healthcare, dental, family cover, tech & lifestyle discounts, gym memberships and more.
* Flexible working – hybrid working options for part‑time or full‑time schedules.
Location & Contract
Primary Location: GB - Bristol - Coldharbour Lane
Contract Type: Permanent
Hybrid Working: Onsite
#J-18808-Ljbffr