Cyber Intel Analyst
Job Reference:
LM People Job Code/Title:
Location:
Programme / Functional Group:
ISGS11483
E2552I / Cyber Intel Analyst
Farnborough
IS&GS - Security and Defence - Various
Description of Business Environment:
The Lockheed Martin UK Commercial Markets team deliver cyber security programmes
to public and private sectors in UK and Europe. Supporting these programmes, the
Cyber Analysts play a crucial role in delivering subject matter expertise in the area of
Computer Network Defence to customers
Specific Job Description:
The position responsibilities include, but are not limited to: Incident Response (aiding
customers and working under an Incident Lead throughout the incident response
processes), forensic analysis (handling compromised machines and supporting data to
identify malicious activity), developing thorough incident reports, delivering threat &
awareness/education briefings, coordination of process development & technical writing,
Cyber training, dealing with external entities/interfaces and supporting Customer
capability
The successful candidate will be required to be able to utilise security data provided
from various customer based sources (IDS, routers, SIEMS, firewalls, hosts) as well as
external data sources (Industry portals, mailing lists, newsgroups, etc) to both establish
and maintain understanding of the current threat landscape allowing for the
recommendations of effective mitigations, and reviewing appropriate data sources for
indications of adversary activity.
The position requires moderate understanding of networking, system administration,
digital forensics, architectures and security elements to include, but are not limited to:
•
Firewalls
•
Intrusion detection systems
•
Routers
•
Proxies
The candidate must also have the ability to quickly learn new analysis techniques with
guidance from other senior team members, and is required to successfully research and
maintain proficiency in tools, techniques and countermeasures.
Strong communication skills (both written and verbal), customer service and teaming
skills (both internally and with external agencies) are utilised extensively on a daily
basis. The Cyber Intelligence Analyst is also required to produce cohesive technical
intelligence reports. Ability to obtain a UK security clearance and to adhere to the
highest standards of ethics and professional conduct are an absolute must.
The candidate will be expected learn how to effectively employ the processes and tools
used within the Lockheed Martin UK Cyber Practice to detect and respond to the
Advance Persistent Threat (APT) and other sophisticated threats.
The successful candidate will:
•
Contribute to the Incident Response process,
•
Be part of the UK Cyber Practice and provide support to:
o Commercial Contract Work
o Incidents
o Incident escalation
o Incident communication
o Incident tracking
•
Support the Kill Chain process by applying the LM intelligence based response
process to understand how derived intelligence is translated into cost effective actions to
improve security posture;
•
Provide support to the Security Intelligence Centre:
•
Contribute to ancillary duties as needed such as updating process
documentation, tool evaluations.
Required Skills:
•
Unix/Linux background & related work experience
•
Host and network based forensics experience
•
Familiarity with information security tools and processes
•
Ability to obtain and maintain a UK Security Clearance
•
Ability and willingness to travel overseas for prolonged periods of time
Desired Skills
•
Relevant Professional Certifications
•
Programming/scripting experience, specifically Python
•
Tools proficiencies
•
Demonstrated excellent customer service and teaming skills
•
Understanding of networking, system administration, architectures and security
elements
•
Strong communication skills (both written and verbal)
Standard Job Description:
Responsible for maintaining the integrity and security of enterprise-wide cyber systems
and networks. Supports cyber security initiatives through both predictive and reactive
analysis, articulating emerging trends to leadership and staff. Coordinates resources
during enterprise incident response efforts, driving incidents to timely and complete
resolution. Employs advanced forensic tools and techniques for attack reconstruction,
including dead system analysis and volatile data collection and analysis. Supports
internal HR/Legal/Ethics investigations as forensic subject matter expert. Performs
network traffic analysis utilising raw packet data, net flow, IDS, and custom sensor
output as it pertains to the cyber security of communications networks. Reviews threat
data from various sources and develops custom signatures for Open Source IDS or
other custom detection capabilities.
Correlates actionable security events from various sources including Security
Information Management System (SIMS) data and develops unique correlation
techniques. Utilizes understanding of attack signatures, tactics, techniques and
procedures associated with advanced threats. Develops analytical products fusing
enterprise and all-source intelligence. May conduct malware analysis of attacker tools
providing indicators for enterprise defensive measures, and reverse engineer attacker
encoding protocols. Interfaces with external entities including law enforcement
organizations, intelligence community organizations and other government agencies
such as the Department of Defence.
Typical Minimum Education & Experience:
Ideally require a Bachelors degree from an accredited college and capability typically
achieved through proven professional experience. Will also consider individuals with
equivalent experience / combined education.
Considered experienced, but still a learner.