LEONARDO vacancy search engine

You are here :  Home  ›  Vacancy list  ›  Job details

Senior Security Event Analyst

General information


Ref. 000449


Closing Date: 17/05/2019


Job Description

We're looking for a Senior Security Event Analyst to join the ARCHANGEL™ Protective Monitoring (ProMon) Team.


ARCHANGEL™ delivers specialist technical cyber security services to a range of clients across a variety of industries including construction, government, defence and aerospace. The ARCHANGEL™ ProMon Team sits within the Bristol Security Operations Centre and is responsible for providing thorough initial investigation into anomalous network activity that may lead to potential security incidents.


Beyond ARCHANGEL™, Leonardo and its Cyber Security division are a world leader in safety-through-technology, providing tailored solutions for customers in public administration, public safety and security, critical infrastructure, services, transport, post and logistics.


You will be joining our highly skilled team at our Bristol site. This is a great opportunity to bring your talents and form an integral part of Leonardo’s future. We can help you develop your skills and offer great opportunities to develop and grow, so why not join us!


At Leonardo, we believe that our employees work best when they are able to achieve balance between work and other aspects of life and so that you can enjoy the great city of Bristol! That’s why we are committed to designing policies and developing a working environment that promote the benefits and well-being of all our employees.


We want to support you and encourage you to fulfil your potential through:


  • Flex-leave schemes: We offer our employees the time and flexibility they need to enjoy a balanced life.
  • Annual leave: We offer 25 days holiday plus 8 bank holidays.
  • Learning & Development: We help assess your development needs in line with the role you wish to perform, and allow you to further develop your knowledge.
  • Award-winning pension scheme: Our multi-award-winning pension scheme includes generous employer contribution.
  • Employee discount schemes: We offer you and your family an attractive range of discounts from retail and cinema to hotel bookings and vehicles benefits.
  • Reserve Forces: We provide positive support to the Reserve Forces and allow employees who are Reservists to take additional time off.
  • Generous relocation package: We offer an excellent package to ease the move for people relocating for work.
  • Maternity, Paternity, parental, adoption and dependent leave: We care to ensure that we consider every aspect of your needs. All these policies are covered as part of our Work-Life Balance Policy.
  • Salary sacrifice schemes including childcare voucher scheme: We encourage working parents to save money on childcare by offering them several advantageous facilities and vouchers.
  • Career break: Where appropriate, we support our employees in pursuing other interests outside the workplace.


To find out about all of our Company benefits please visit: http://www.uk.leonardocompany.com/people-careers/people/company-benefits



Key Responsibility Areas

So let’s get down to what you will do!

  • Analyse network, application and system events in order to identify any potentially abnormal system behaviours and raise them as incidents for investigation
  • Perform and lead proactive analysis across client networks from knowledge of current threats and trends
  • Maintain and update the training plans for all security event analysts
  • Ensure all operational incidents, on-going tickets and relevant information is handed over to the oncoming shift in an effective and efficient manner, using the shift handover process and documentation (HOTO)
  • Ensure all tickets are quality checked before release to the customer
  • Provide continuous SME support, updates and recommended courses of action for on-going incidents raised within the SOC
  • Ensure sufficient staffing levels are available to meet the minimum staffing requirements of your shift to maintain 24/7/365 operations, advising the Principal Analyst/Head of Cyber Operations of any shortfalls at the earliest opportunity.  Additionally, provide support to NCIRC (NATO) as required
  • Manage shift training, user awareness, mandated security education as required or specified and promote additional professional furtherance amongst your shift
  • Act as the shift protective monitoring and SIEM SME 
  • Produce operational reporting to support both customer and internal information exchanges and briefing and awareness requirements
  • Maintain a broad and current understanding of evolving threats and vulnerabilities to ensure the maintenance of the security of our client networks
  • Sustain and manage the direct line management, coaching and mentoring of shift personnel
  • Continually assess and maintain the SOC  use cases and playbook including rule tuning efficiencies) for the Archangel SOC to maintain excellence within the service



Skills, Qualifications & Knowledge Required

We are looking for a motivated self-managed individual who is willing to help design and adapt a constantly evolving service; someone who can demonstrate above average analytical skills and liaise professionally with peers and customers even under pressure.


We would love for you to be able to talk about:

  • Experience in cyber security including protective monitoring and incident response, e.g. GIAC GMON, GCIA, GCIH or equivalent experience
  • SIEM (LogRhythm, Arcsight, Splunk, etc) and IDS (Snort) experience
  • Network security
  • Excellent communications skills
  • Mentoring and coaching
  • Ability to gain SC Clearance


These additional skills will also help:

  • SEC 503 – Intrusion Detection In-Depth
  • SEC 504 – Hacker Tools, Techniques, Exploits, and Incident Handling
  • SEC 511 – Continuous Monitoring and Security Operations
  • Knowledge of security appliances, e.g. FireEye, SourceFire, NIKSUN, Bluecoat, etc.
  • Report Writing
  • ITIL v3 Foundation in Service Management
  • Threat intelligence


The role will also involve

  • Ability to work independently and as part of a team
  • Ability to manage workload in pressurised environments; balancing time and quality constraints
  • Highly motivated, with the aptitude to learn new skills
  • Ability to work within a shift pattern covering 24/7/365 operations
  • Occasional travel may be required
  • Potential to provide temporary cover to NCIRC as required (travel to Mons may be required).


If this sounds like you why not apply and join our Bristol team!






Headquartered in Italy, Leonardo has over 45,600 employees. With its offices and industrial plants, the Company is present in 180 sites worldwide, with a significant industrial presence in four domestic markets (Italy, the UK, the U.S. and Poland) as well as strategic partnerships in the most important high potential international markets.


Contact information:

Recruitment Team

Email: leonardo.gb@mailhr.info

Phone: 0333 999 3379