
Cyber Security Analyst

Leonardo UK Ltd

Bristol

Hybrid

GBP 40,000 - 55,000

Full time

8 days ago

Job summary

A leading aerospace and defense company is seeking a Cyber Security Analyst in Bristol. The role involves providing monitoring and incident handling services in a 24/7 operational context. Candidates should have excellent communication skills, experience in Cyber Security, and familiarity with SIEM tools. The organization offers a hybrid working environment, generous leave, and a comprehensive benefits package.

Benefits

Generous leave with up to 12 additional flexi-days per year
Pension scheme with up to 15% employer contribution
Free access to mental health support
Bonus scheme for management level and below
Access to 4,000+ online courses
Flexible benefits including private healthcare
Hybrid working options

Qualifications

  • Strong knowledge of common attack types and detection/prevention methods.
  • Ability to work under pressure and handle multiple incidents.
  • Experience with threat intelligence.

Responsibilities

  • Provide monitoring and incident handling services.
  • Act as the initial analytical reference point for security incidents.
  • Collaborate with the Incident Response Team on containment measures.

Skills

Excellent communication at all levels
Experience in Cyber Security
SIEM experience (LogRhythm, ArcSight, Splunk, etc.)
Strong knowledge of IT security best practices
Experience analysing system logs
Strong organisational skills
Ability to work independently and as part of a team
Highly motivated and willing to learn
Ability to work within a Hybrid Remote Working shift pattern

Tools

Security Information and Event Management (SIEM)
Intrusion Detection Systems (IDS)

Job description

Overview

Job Description: We are looking for a Cyber Security Analyst to join the ARCHANGEL ProMon Team. ARCHANGEL delivers specialist technical cyber security services to clients across industries including construction, government, defence and aerospace. The ARCHANGEL ProMon Team sits within the Bristol Service Operations Centre (SOC) and provides initial investigation into anomalous network activity that may lead to potential security incidents. Leonardo and its Cyber Security division are leaders in safety-through-technology, serving customers in public administration, public safety and security, critical infrastructure, services, transport, post and logistics. You will join our Bristol team and contribute to Leonardo's future. We are committed to a work environment that promotes well-being and balance for all employees.

So let’s get down to what you will do as a Cyber Security Analyst!

Responsibilities

  • Provide monitoring, alerting and incident handling services within the SOC in line with SLAs and within the 24/7/365 shift pattern
  • Act as the initial analytical reference point for identifying and quantifying the nature and extent of security incidents, and offer initial professional advice relating to possible business impact to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)
  • Advise on incident containment measures through recommended initial actions to customers in collaboration with the Incident Response (IR) Team
  • Provide advice relating to potential mitigation measures to prevent or limit future reoccurrence in collaboration with the IR Team
  • Understand Incident Response, Cyber Kill Chain, Threat Modelling and pertinent Attack Vectors
  • Collaborate across the team to create pertinent Playbooks and Use Cases
  • Perform proactive analysis across client networks by staying abreast of current threats and trends
  • Develop and maintain knowledge of current and emerging threats affecting the managed service
  • Review recurring false positive firings and assist in tuning SIEM and IDS rules to reduce false positives and maintain effective security alerting
  • Ensure all operational incidents, ongoing tickets and relevant information are handed over to the oncoming shift using the shift handover process
  • Assist in the creation of reporting for management and clients on security incidents and threat intelligence trends when required

What you’ll bring

  • Excellent communication at all levels; ability to work with customers and clearly explain what is happening
  • Experience in Cyber Security, e.g. Protective Monitoring, Incident Response, Security Engineering
  • SIEM (LogRhythm, ArcSight, Splunk, etc.) and IDS (Snort) experience
  • Strong knowledge of IT security best practices, common attack types and detection/prevention methods
  • Experience analysing and interpreting system, security and application logs to diagnose faults and identify abnormal behaviours
  • Strong organisational skills and attention to detail
  • Ability to work independently and as part of a team
  • Highly motivated with the aptitude to learn new skills
  • Ability to work within a Hybrid Remote Working shift pattern covering 24/7/365 operations
  • Occasional travel may be required

Additional Skills

  • SANS SEC 503 Intrusion Detection in Depth or equivalent
  • SANS SEC 504 Incident Handling, Hacker Tools and Techniques or equivalent
  • SANS SEC 508 Advanced Incident Response, Threat Hunting, and Digital Forensics or equivalent
  • SANS SEC 511 Continuous Monitoring and Security Operations or equivalent
  • Exposure to IT service management best practices such as ITIL
  • Knowledge of standards and guidelines such as ISO27001, GDPR principles and GPG-13
  • Threat Intelligence experience
  • Report Writing

This is not an exhaustive list; we welcome applicants even if you do not have experience in all the items above. The most important skill is a good attitude and willingness to learn.

Security Clearance

This role is subject to pre-employment screening in line with the UK Government’s Baseline Personnel Security Standard (BPSS). Personnel applying must have the ability to obtain SC clearance at a minimum. An additional range of Personnel Security Controls referred to as National Security Vetting (NSV) may apply; this could include meeting the eligibility requirements for The Security Check (SC) or Developed Vetting (DV).

For more information and guidance please visit: https://careers.uk.leonardo.com/gb/en/security-and-vetting

Why join us

Leonardo is committed to building an inclusive, accessible, and welcoming workplace. We offer a comprehensive, company-funded benefits package supporting wellbeing, career development, and work–life balance.

  • Time to Recharge: Generous leave with up to 12 additional flexi-days per year.
  • Secure your Future: Pension scheme with up to 15% employer contribution.
  • Your Wellbeing Matters: Free access to mental health support, financial advice, and employee networks promoting inclusion and diversity.
  • Rewarding Performance: Bonus scheme for management level and below.
  • Never Stop Learning: Access to 4,000+ online courses via Coursera and LinkedIn Learning.
  • Refer a friend: Refer-a-friend rewards.
  • Tailored Perks: Flexible benefits including private healthcare, dental, family cover, discounts, and more.
  • Flexible working: Hybrid options; discuss part-time possibilities for this role.

For a full list of company benefits please visit our website.

Leonardo is a global leader in Aerospace, Defence, and Security. We employ over 53,000 people worldwide, with significant UK presence. We are committed to an inclusive, accessible workplace and welcome applicants with accessibility requirements.

Be part of something bigger - apply now!

Primary Location: GB - Bristol - Coldharbour Lane

Contract Type: Permanent

Hybrid Working: Onsite
