Countermeasure Analyst

Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity.
Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.
Now it’s time to fully realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.

Responsibilities:

This position is critical to protecting Haleon’s corporate assets and managing its day-to-day operational cyber security defences. It involves the proactive, in-depth analysis of sophisticated threat actors in order to develop and implement countermeasures. It requires an understanding of the adversary’s tactics, techniques and procedures at a deep, technical level, moving beyond traditional security monitoring. The primary goal is to shift the company’s security posture from reactive defence to proactive, adversary-centric operations.

The position holder will:

• Define and execute threat hunts to search for undetected malicious activity within the organisation’s IT and OT environments.
• Develop hypotheses, methodologies and tooling to proactively search for indicators of compromise (IOCs) and indicators of attack (IOAs) that evade automated defences.
• Support Red team activities that simulate realistic, multi-layered attacks against the organisation’s people, processes and technology, thereby rigorously testing the effectiveness of the Security Operations / Cyber Incident Response Teams.
• Detect and neutralises advanced threats in the early stages of the kill chain, minimising breach impact and improving overall organisational resilience.
• Supports the tuning of all security tooling and the development of bespoke correlation rules / use cases aligned to business operations, internal risk profiles and current threat intelligence. Define high-fidelity detection signatures, behavioural analytics, and security control policies to specifically counter known and emerging adversary tactics.
• Be a key member of the Cyber Incident Response Team (CIRT) during major cyber incidents.
• Establish and maintain relationships with other investigation and remediation teams within the company, working closely with them to address the full spectrum of security issues.
• Undertake efforts in developing security awareness training for the broader organisation.
• Tackle complex, evolving cybersecurity challenges requiring innovation and adaptability.
• Make high-stakes decisions under pressure, balancing rapid response with thorough investigation.
• Collaborate with Threat Intelligence to groom threat feeds and help translate findings.

The role requires a deep understanding of the cybersecurity landscape, including industry-specific threats and compliance requirements. It also requires a strategic knowledge of the business environment, regulatory landscape, and competitor capabilities. They holder must also be able to navigates regulatory requirements, emerging technologies, and human factors in cybersecurity.

Required Skills and Experience:

• Three years in cybersecurity, with some experience of responding to significant cyber incidents involving Organised Crime and Nations State threat actors.

Preferred Skills and Experience

• Bachelor’s degree in Computer Science, Cyber Security or related field (or equivalent experience).
• Experience of working in a Cyber Security Operations Centre.
• Experience working across international manufacturing.
• Understanding of security controls and how they are used to detect and respond
• Knowledge of common network protocols, edge routing technologies, firewall/IDS/IPS, SIEM, EDR/XDR.
• Ability to communicate complex problems succinctly.
• Ability to work within a team environment, sharing workload and responsibility.
• CISSP, GCIA, GCDA, GSOC, GCIH.

 Job Posting End Date

Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected – all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It’s important to us that Haleon is a place where all our employees feel they truly belong.
During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and supports the development, refinement, and execution of our inclusion and belonging programmes that are open to all Haleon employees. 
The personal information you provide will be kept confidential, used only for legitimate business purposes, and will never be used in making any employment decisions, including hiring decisions.

If you require a reasonable adjustment or accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific adjustments you are requesting. We’ll provide all reasonable adjustments to support you throughout the recruitment process and treat all information you provide us in confidence. 

The Haleon recruitment team will contact you using a Haleon email account (@haleon.com). If you are not sure whether the email you received is from Haleon, please get in touch.