Cyber Defence Analyst

Leidos
Remote

hackajob is partnering with Leidos to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.

The Cyber Defence Analyst will be expected to contribute to the growth and development of the CSOC. You will work with a wide variety of stakeholders to ensure that the Leidos CSOC, a defensive Cyber Security capability, can support a customer's Cyber Resilience, protecting them with a 24x7 Threat Detection and Response service and mitigating their risk of Cyber Attack.

The successful candidate will be able to demonstrate experience from a CSOC background, or sufficient transferable Cyber Security knowledge, qualifications, aptitude and passion to quickly learn the Cyber Defence Analyst role.

To succeed in the role the candidate must be capable of working under pressure, delivering on multiple customer accounts, and have an appetite to progress and develop their own Cyber Security career. The role sits within the CSOC in a matrix-managed environment, reporting operationally to the CSOC Lead and accountable to the CSOC Manager.

What will I be doing?

  • Maintain the integrity and security of Cyber Security systems and networks.
  • Support Cyber Security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff.
  • Use data collected from Cyber Defence tools (firewalls, IDS, network traffic, User and Entity Behaviour Analytics (UEBA), Security Orchestration, Automation and Response (SOAR), etc.) to analyse events that occur within the environments.
  • Respond to and correlate alerts from various detective and preventative Cyber Security tools such as Security Information and Event Management (SIEM), Endpoint Protection Platforms (EPP), Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Web Application Firewalls (WAF) and Firewalls.
  • Proactively detect suspicious activity, vulnerabilities and security misconfigurations before adversaries can exploit them to impact Confidentiality, Integrity or Availability and cause a Cyber Security Incident.
  • Inspect and correlate logs from multiple sources to identify repeating patterns and Indicators of Compromise (IOCs).
  • Continuously monitor the threat landscape, reporting and classifying Threats according to the impact they could have on a client's network or solution.
  • Engage with various security communities to review and share knowledge on IOCs and Threats.
  • Follow and develop the Cyber Security Incident Response Process.
  • Follow and develop Playbooks.
  • Apply Cyber Security Incident Prioritisation Criteria to classify and rate Cyber Security Incidents.
  • Define and coordinate the application of countermeasures to mitigate Threats, for use in action plans that respond to Cyber Security Incidents.
  • Maintain confidentiality and discretion when working across multiple clients, so that no client's information is shared with another.
  • Run Vulnerability Assessment tools to measure compliance with security updates and patches.
  • Work as part of the team responsible for multiple daily CSOC checks to detect and respond to suspicious activity or alerts.
  • Record the events of a Cyber Security Incident, and their own actions, concisely and in detail to deliver an effective handover at shift change.
  • Strive to continuously improve CSOC processes and procedures.
  • Collaborate closely with stakeholders from other Technology stacks to contribute to the Cyber Security Incident Response.
  • As part of a team, perform tabletop scenarios and produce lessons learned.

What does Leidos need from me?

  • Experience of Microsoft Sentinel, Microsoft Defender XDR and the other Microsoft Defender variants, and Elastic Security, or the aptitude to learn how to work with a SIEM.
  • Experience and knowledge of SIEM tools, Cyber Security Incident Response, Vulnerability Management and Cyber Threat Intelligence.
  • Experience of investigating Cyber Security incidents and supporting root cause analysis or can demonstrate transferable skills and acumen to learn and excel at it.
  • Understanding of the Confidentiality, Integrity, and Availability (CIA) triad.
  • Understanding of current trends for malware, ransomware and Advanced Persistent Threats affecting Cloud Platforms and On-Premises solutions.
  • Experience of working with the disciplines of a Change Controlled environment.
  • An understanding of the seven-layer OSI model.
  • An understanding of the TCP/IP layers.
  • An understanding of network and boundary protection controls for both Cloud and On-Premises solutions, including but not limited to Firewalls, Network Access Control Lists, Network Security Groups, DDoS Protection, VPNs, Mail Gateways, Web Proxies, Load Balancers and Web Application Firewalls, and Intrusion Prevention and Intrusion Detection Systems.

Communication and Soft Skills

  • Good verbal and written communication skills, required for handovers, reports and documenting events during a Cyber Security Incident.
  • A positive, initiative-taking attitude: a collaborator who works well in a team, is open to feedback, can handle team dynamics with differing viewpoints, and can also work with minimal supervision.
  • Ability to build strong relationships with customers and internal stakeholders.
  • Ability to logically analyse a problem and identify a plan to fix or remediate it.
  • Ability to track market trends and suppliers to stay at the forefront of Cyber Security technology.
  • Ability to manage multiple streams of work, prioritising and escalating as necessary.
  • An initiative-taker who can see past obstacles and drive a solution through to completion.
  • Agility and flexibility to cover shifts at short notice so the CSOC can continue to protect its customers.

Desirable

  • Exposure to working on or within HMG classified systems or programmes.

Clearance Requirements:

  • Due to the nature of the work, candidates must be British nationals and must not hold dual nationality.
  • Candidates will need to be eligible to hold DV clearance.
  • Clearance required to start in the role: SC.