Senior Security Event Analyst – 2050
The Security & Information Systems Division (S&IS) is a pivotal innovator, supplying safety through technology, to provide our customers with more efficient, safe and secure products and services, whatever their requirements.
The S&IS Division is a world leader in safety-through-technology, providing tailored solutions for customers in public administration, public safety and security, critical infrastructure, services, transport, large companies, post and logistics.
S&IS (UK) is at the forefront of supplying technology and services for both civil and defence markets, in both the UK and around the world, to enhance the capabilities of its Customers.
We are looking for creative thinkers who have a passion for applying technology to solve real world problems and developing our next generation of world beating products.
Leonardo is looking to recruit Senior (Level 2) Security Event Analysts contracted out of its site in Bristol, with International Assignment. The role requires candidates to have significant experience in the analysis and handling of network security related events and security event management, with experience of working at expert level as a security event analyst or cyber tools specialist in multiple areas of cyber technologies.
Security Clearance SC minimum (NATO SECRET required).
As the Senior Security Event Analyst working embedded within the NCIRC customer working environment, the successful candidate will be required to use their in-depth knowledge gained from both experience and qualifications in the Cyber Defence arena to work on advanced cyber-attacks against one of the largest cyber implementations outside of North America. This will include the utilisation of log analysis, IDS/IPS, FPC and forensics tools across a distributed sensor network. The SSEA will be required to provide leadership, mentoring and guidance to other staff members within the Event Analysis team.
Key Responsibility Areas
- Support to Level 1 Event Analysts:
- Reviewing of tickets;
- Support for analysis of events;
- Retrieval and support in the analysis of Full Packet Captures (FPC);
- Provision of in-depth analysis after ticket escalation;
- New threat analysis;
- Vulnerability Assessment scanning;
- Signature creation e.g. SNORT rules;
- Test and evaluation of signatures and rules prior to deployment in the operational environment;
- Evaluation and implementation of sensor tuning requests;
- Online research, such as creating new signatures, developing new methods of detecting and monitoring new threats, keeping abreast of developments in the cyber arena;
- Assistance in the support of legacy cyber sensor products;
- Provision of On the Job Training (OJT) for the Level 1 event analysts, including tools familiarisation;
- Creation and updating of Standard Operating Procedures (SOPs) and Security Policies;
- Creation of a monthly report to the Customer and the Business;
- Ad hoc taskings from the Incident Management Section (IMS) in support of investigations;
- Occasional deputisation for NCIA Subject Matter Experts (when required);
- Monthly knowledge transfer meetings for information exchange with the internal cell.
Skills, Qualifications & Knowledge Required
- Significant experience in the analysis and handling of network security related events and security event management.
- Essential to have one or more professional SANS (e.g., GSEC, GCIA) or CISSP certifications.
Expert level of management and analysis of (i.e. Security Event Analyst experience), or configuration, operation, troubleshooting and management (i.e. Tools Specialist) in at least three of the following areas, and a high level of experience in several of the other areas:
- ArcSight products,
- Network Based Intrusion Detection Systems (NIDS),
- Host Based Intrusion Detection Systems (HIDS),
- Network security appliances and networking devices and associated management software,
- A variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances), Computer Incident Response Centre (CIRT), Computer Emergency Response Team (CERT),
- Computer forensics tools (stand alone, online and network)
- Computer security tools (Vulnerability Assessment, Antivirus, Protocol Analysis, AntiSpyware, etc.),
- Secure web design and development,
- Military communication systems and networks,
- Network, system and application level troubleshooting techniques.
Personal Attributes
- Ability to manage workload for themselves in pressurised environments to Time, Quality and Standards
- Ability to communicate technical solutions to both technical and nontechnical audiences
- Security clearances to SC minimum (NATO SECRET required)
- Ability to mentor staff
- Ability to work on International Assignment embedded in customer location in mainland Europe
- Ability to become SC/DV/NS cleared.
- This is an office based project role using a variety of equipment including display screen equipment, working full time hours which can often be in a demanding environment.
- Travel is required in mainland UK and throughout Europe.
Why join Leonardo?
At Leonardo, we believe that our employees work best when they are able to achieve balance between work and other aspects of life. That's why we are committed to designing policies and developing a working environment that promote the benefits and well-being of all our employees.
We want to support you and encourage you to fulfil your potential through:
- Flexible working and additional flex-leave schemes: We offer our employees the time and flexibility they need to enjoy a balanced life.
- Annual leave: We offer 25 days holiday plus bank holidays.
- Learning & Development: We help assess your development needs in line with the role you wish to perform, and allow you to further develop your knowledge.
- Award-winning pension scheme: Our multi-award-winning pension scheme includes generous employer contribution.
- Employee discount schemes: We offer you and your family an attractive range of discounts from retail and cinema to hotel bookings and vehicle benefits.
- Generous relocation package: We offer an excellent package to ease the move for people relocating for work.
- Maternity leave: We have very flexible working arrangements and an advantageous Maternity Policy.
- Free parking: This is available on or near all our sites.
- Reserve Forces: We provide positive support to the Reserve Forces and allow employees who are Reservists to take additional time off.
- Salary sacrifice schemes including childcare voucher scheme: We encourage working parents to save money on childcare by offering them several advantageous facilities and vouchers.
- Paternity, parental, adoption and dependent leave: We care to ensure that we consider every aspect of your needs. All these policies are covered as part of our Work-Life Balance Policy.
- Career break: Where appropriate, we support our employees in pursuing other interests outside the workplace.