Share this Job

Principal (Lead) Cyber Analyst

Date: 09-Nov-2022

Location: Malvern, England, GB

Company: QinetiQ

Role Purpose

Provide technical leadership of operational cyber defence capability to QinetiQ customers, including development, integration, improvement and optimisation of the various components and the overall customer facing capability across threat intelligence, defensive monitoring, threat hunting and incident analysis.


Key Accountabilities

  1. Develop and champion QinetiQ’s operational cyber defend integrated capability, including capability roadmap, to support QinetiQ’s cyber business objectives, taking account of the competitive market environment and in close collaboration with relevant stakeholders.
  2. Lead SOC detection content development capability, spanning cyber security monitoring, threat hunting and end-point detection and response.
  3. Leverage threat intelligence in the creation of bespoke detection content, including SIEM rules, threat hunts and EDR rules.
  4. Develop novel and bespoke approaches to SIEM-based detection and threat hunting with convincing evidenced rationale.
  5. Execute, improve, refine, and document threat hunting playbooks, queries, and visualisations.
  6. Coach and mentor SOC analysts to upskill wider capability.
  7. Lead SOC engagement with key customers at senior level.

        8.Contribute compelling cyber security monitoring, detection and threat hunting solutions to relevant bids.


Key Capabilities/Knowledge

  • Recognised by organisation as an expert in operational proactive and threat informed cyber defend monitoring and detection solutions provided to remote (3rd party) clients as a managed cyber security service
  • Excellent understanding and recognised by organisation as expert in the current cyber threat landscape, technical vulnerabilities, attack methodologies, threat actors and MITRE ATT&CK framework
  • Able to identify evidence, create compelling cases for, and oversee creation of, cyber security monitoring and threat hunting strategies in business and operational contexts that deliver benefits. Able to explain how threat hunting complements and enhances cyber security monitoring.
  • Able to lead cyber security monitoring and threat hunting capability, instilling confidence and earning credibility
  • Good awareness of Security Information and Event Management (SIEM), Big Data and Endpoint Detection & Response (EDR), technologies, and how to write rules and queries for them.
  • Able to identify relevant log sources required for effective content development and threat hunting. Able to create detection content across a wide range of tooling that follows industry best practice.
  • Able to identify suspicious and malicious events by manually reviewing logs, leveraging threat intelligence, and drilling down into further details. Able to deal with ambiguous log events.
  • Able to explain with justification to stakeholders at all levels the limitations in cyber security monitoring and/or threat hunting arising from inadequate log sources
  • Able to work independently, with guidance in only the most complex situations
  • Able to engage effectively with, and contribute to business winning activities such as bid writing.
  • Excellent IT skills, including knowledge of computer networks, operating systems, software, hardware and security
  • Outcome focused senior stakeholder engagement, influence & persuasion skills
  • Collaborate effectively across organisation and externally to achieve required outcomes


Experience & Qualifications



  • STEM degree or equivalent
  • Minimum of 5 years’ relevant experience in a cyber security monitoring environment


  • Experience in different sectors and domains including defence, wider UK Government, critical national infrastructure.
  • Experience leading junior analysts

Why join QinetiQ?

As we continue to grow into new markets around the world, there’s never been a more exciting time to join QinetiQ. The formula for success is our appetite for innovation and having the courage to take on a wide variety of complex challenges.

You’ll experience a unique working environment where teams from different backgrounds, disciplines and experience enjoy collaborating widely and openly as we undertake this exciting and rewarding journey. Through effective teamwork, and pulling together, you’ll get to experience what happens when we all share different perspectives, blend disciplines, and link technologies; constantly discovering new ways of solving complex problems in an diverse and inclusive environment where you can be authentic, feel valued and realise your full potential. Read more about our diverse and inclusive workplace culture here.  

Joining QinetiQ offers you an opportunity to work on a broad range of interesting defence-based projects with vast career progression across a global organisation in addition to competitive personal and professional benefits.  You’ll receive a highly competitive salary and benefits package: our basic salaries are very attractive as we constantly review what’s happening in the market. The range of benefits that we offer include, adaptive and flexible working, generous holiday entitlements, Health Cash Plan, Private Medical Insurance and Dental Insurance and much more. 

About QinetiQ

As a company of over 6,000 dedicated professionals, we are a world-centre of excellence in research and development and act as a catalyst for fast-track innovation, offering outstanding experimentation facilities, and technical, engineering and scientific expertise. QinetiQ is made up of dedicated experts in defence, aerospace, security and related markets, all working together to explore new ways of protecting what matters most. Being part of QinetiQ means being central to the safety and security of the world around us. Partnering with our customers, we help to save lives; reduce risks to society; and maintain the global infrastructure on which we all depend. Come and find out how you can play a role.

Please note that many roles in QinetiQ are subject to national security vetting. Applicants that already hold the appropriate level of vetting may be able to transfer it upon appointment, subject to approval. A number of roles are also subject to restrictions on access to information that mean factors such as nationality, previous nationalities held and the country in which you were born may have an effect on the roles that you can be employed in.