Front Line Analyst - National Security - Leeds

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

Job Description:

• Conducting Cyber Security Monitoring to detect hacking/malware intrusion attempts against customer IT.
• Full triage of detection alarms to accurately identify the cause of the alarm, be it active infection, attempted intrusion or a clear reason for false positive.
• Conduct full “Identification” of any detected attacks (successful or failed) to understand and document the source of the attack, the Techniques, Tactics and Procedures (TTPs) used in the attack from start to finish and the extent (breadth and depth) of the attack.
• Capturing/documenting full attack chain details of detected attacks (successful and failed) and feeding them back into detection capability.
• Responsible for ensuring monitoring effectiveness and efficiency via the creation and updating of SIEM/SOAR playbooks, in line with changing attacker techniques tactics and procedures (TTP’s).
• Use Intrusion Analysis skills and experience to provide input to new detection techniques and research new detection capabilities produced by Industry.
• Ad-hoc communications with government or commercial security operations centres as part of root-cause analysis.
• Creation of low-medium complexity KQL analytics and hunt queries, conducting IOC and anomaly-based threat hunts, including root cause identification of findings.
• Identification and tagging of incorrect alert logic/high false positive detection rules for the attention of senior analysts.
• Consume Threat Intelligence from internal and partner tools and transform into actionable hunting and detections.
• Coaching of junior analysts and colleagues when required.
• Lead Threat Hunting workgroups during Hunting Events for specific complex TTPs, across multiple industries and departments.
• Deliver ad-hoc training/workshops intra-org which encourage User Awareness of security risk, and uplift other team members with new knowledge.
• Provide daily SITREPs to local teams regarding attacker activity.
• Knowledge of Intrusion Analysis on Windows end user devices and servers.
• Knowledge of Intrusion Analysis on Azure, including attacker methods of ‘living off the cloud’ such as use of Microsoft Graph API, app registrations and managed identities.
• Ability to quickly research and learn about new tools and techniques.
• Good working knowledge of MITRE ATT&CK Framework.
• Good working knowledge of networking concepts & protocols (TCP/IP, UDP, DNS, DHCP, HTTP, etc.).
• Relevant SANS or similar incident response/forensics or host and analysis certifications.
• Understanding of Operating System functionality and operations.
• Develop hypothesis and perform threat hunting in Azure cloud or Windows Device data.

Desirable Qualifications:

• Degree-level education in Cyber Security or related area.
• AWS Cloud Essentials.
• SANS GCIH, GCIA or similar.

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.