LEONARDO vacancy search engine


Cyber Incident Response Analyst

General information


Ref. 000356


Closing Date: 18/02/2019


Job Description


We’re looking for a Cyber Incident Response Analyst specialising in host forensics and malware analysis to join the ARCHANGEL™ Cyber Incident Response Team (CIRT).

ARCHANGEL™ delivers specialist technical cyber security services to a range of clients across a variety of industries including construction, government, defence and aerospace. The ARCHANGEL™ Cyber Incident Response Team sits within the Bristol Security Operations Centre and is responsible for providing thorough technical investigation of incidents escalated by the Security Operations Centre, managing and preparing for cyber security incidents on client estates, and providing specialist consultancy services including malware analysis, digital forensics and cyber response capability development.

Beyond ARCHANGEL™, Leonardo and its Cyber Security division are a world leader in safety-through-technology, providing tailored solutions for customers in public administration, public safety and security, critical infrastructure, services, transport, post and logistics.


What will you be doing?


A typical day includes investigating alerts from security appliances on our clients’ estates, researching better ways to detect, analyse and respond to emerging threats based on cyber threat intelligence, and maintaining our core capabilities and services through proper reporting, documentation and process development. In the event of a confirmed or suspected cyber security incident, you’ll be responsible for advising clients on the best course of action or for taking the reins: confidently establishing the extent and impact of the incident and the possible remedial actions, while capturing appropriate intelligence and supporting evidence during the investigation. Response may be conducted remotely or on client site.

You’ll also have the opportunity to get involved in our consulting engagements, which might see you training our clients on-site in best practice for cyber response, conducting investigations or supporting our cyber consulting team as a technical specialist.


Who would suit this role?


This role would ideally suit a seasoned incident responder, malware analyst or digital forensics investigator with experience of conducting enterprise-scale investigations, threat hunting or malware analysis. It would also suit a systems administrator looking to enter the field of incident response.

Key Responsibility Areas


Your key responsibility areas will include:


  • Reporting directly to the Senior Cyber Incident Response Analyst, supporting the professional delivery of all Cyber Incident Response services
  • Acting as the subject matter specialist in malware analysis for threat intelligence or during an ongoing incident
  • Advising clients on how to best respond to any given incident, from boardroom to boots-on-the-ground
  • Advising clients on how to best implement mitigation measures which might prevent or limit future incidents
  • Providing specialist cyber knowledge to clients and to the internal team
  • Conducting threat hunting across available security devices and with operating-system-native or custom tooling
  • Developing threat intelligence such as the creation of YARA, OpenIOC and Snort signatures from the analysis of malware samples and output of incident investigations


How will we support you?


We offer fantastic opportunities for learning, development and professional growth. As a team, we dedicate time to research projects and encourage our specialists to get involved in the InfoSec community in Bristol and beyond, promoting sharing and constant development.


We want to support you and encourage you to fulfil your potential through:


  • Flex-leave schemes: We offer our employees the time and flexibility they need to enjoy a balanced life
  • Annual leave: We offer 25 days holiday plus 8 bank holidays
  • Supportive relocation package: to make your move to Bristol even more attractive
  • Award-winning pension scheme: Our multi-award-winning pension scheme includes generous employer contribution
  • Employee discount schemes: We offer you and your family an attractive range of discounts from retail and cinema to hotel bookings and vehicles benefits
  • Reserve Forces: We provide positive support to the Reserve Forces and allow employees who are Reservists to take additional time off
  • Free parking: This is available on or near all our sites
  • Salary sacrifice schemes including childcare voucher scheme: We encourage working parents to save money on childcare by offering them several advantageous facilities and vouchers
  • Career break: Where appropriate, we support our employees in pursuing other interests outside the workplace


To find out about all of our Company benefits please visit: http://www.uk.leonardocompany.com/people-careers/people/company-benefits


Why should you be in Bristol?


Bristol is regularly voted one of the world’s best places to live. It’s perfect - a small city that feels like a big city, handily placed for seaside and scenery, but hardly cut off from the rest of the country. It has a brilliant food and drink scene and tonnes of culture. It’s famed for Banksy, Brunel and the invention of Ribena – and it’s a quirky city that attracts people of all ages. Whether floating above the city in a hot-air balloon, or spending a day in the foodie quarter of Wapping Wharf, you’ll never be bored!



Skills, Qualifications & Knowledge Required


We’re looking for somebody that has:


  • Excellent knowledge of the inner workings of Windows Operating Systems
  • Excellent knowledge of how malware works and experience in tearing it apart to understand its capabilities and draw out actionable threat intelligence
  • Some knowledge of the fundamentals of Unix-like systems, including macOS and Linux distributions (Debian, Ubuntu, CentOS, etc.)
  • Excellent knowledge of host-based investigations including digital forensic principles and practices
  • Excellent report writing skills
  • Ability to create YARA, OpenIOC and Snort signatures
  • Fundamental knowledge of common networking and routing protocols (e.g. TCP/IP), services (e.g. TLS, DNS, SMTP) and how they interact to provide network communications
  • Some experience of packet-level analysis, firewall and hypervisor administration, network appliance log analysis and management of network intrusion detection and prevention systems
  • Some knowledge of Cyber Security Incident Response processes and procedures
  • Some knowledge of Cyber Threat Intelligence creation, management and use
  • Some experience in winning commercial bids and delivering technical services
  • Some experience in developing and delivering commercial cyber security consulting services
  • Practical programming knowledge or experience in writing scripts in languages such as Python, PowerShell and Bash


The role will also involve:


  • Occasional travel whilst conducting incident response work
  • Ability to attain SC clearance (minimum)

Headquartered in Italy, Leonardo has over 45,600 employees. With its offices and industrial plants, the Company is present in 180 sites worldwide, with a significant industrial presence in four domestic markets (Italy, the UK, the U.S. and Poland) as well as strategic partnerships in the most important high potential international markets.


Contact information:

Recruitment Team

Email: leonardo.gb@mailhr.info

Phone: 0333 999 3379