Cyber Threat Analyst - National Security West

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

BAE Systems have been contracted to undertake the day-to-day operation of (and incremental improvement of) a dedicated Security Operations Centre (SOC) to support the defence of a major UK Critical National Infrastructure (CNI) organisation. The networks protected are predominantly hosted in cloud platforms, with many hundred systems within these environments that must be protected. The customer is committed to development of this improved SOC to be a benchmark of best practice and excellence in reflection of the significant threat that the protected systems are subject to. This role requires a minimum of SC clearance with the potential for DV Clearance in the future. This role reports to the Delivery Lead/PMO.

The Role

• Responsible for and capable of independently creating Threat Hunt Hypotheses, running Threat Hunts at a regular cadence.
• Responsible for and capable of translating Threat Hunt Hypotheses into KQL Queries, running those KQL queries and then independently triaging the results.
• Experienced with and have sufficient knowledge of attacker TTP’s.
• Have a deep understanding of Advanced Persistent Threat groups and the ability to conduct in-depth research.
• Able to independently verify the results of Threat Hunts, refining the queries where necessary.
• Experienced in Incident Response and Management.
• Responsible for the quality of all Threat Hunt Reports, ensuring that output is delivered at the highest possible standard.
• Responsible for ensuring that all relevant process is effectively documented and regularly reviewed.
• Responsible for providing well-reasoned and sound analysis, context and predictions into relevant deliverables.
• Responsible for assessing the maturity of the function within the client and identifying areas for improvement, productising those improvements and delivering them.
• Be a point of contact for intrusion analysis, forensics and Incident Response queries.
• Able to provide root cause analysis of non-standard analytic findings and anomaly detections for which a playbook does not yet exist.
• Responsible for ensuring that during times of reduced capacity that all ADHOC and regular products are completed and are at a sufficient quality for distribution.
• In-depth knowledge of the various techniques and frameworks used within the Cyber Threat Intelligence Domain, including the Cyber Kill Chain and MITRE ATT&CK.
• Development of new analytics and playbooks that result in creation of new detection rules/analytics.

Requirements

Technical

• 3+ years’ experience in Cyber Threat Intelligence, and conducting research and investigating cyber threats in a technical capacity.
• Experience in technical incident response and management.
• An expert understanding of current and emerging threats related to government and CNI.
• Demonstrate a high-level knowledge of Windows operating systems and the Azure Landscape.
• Demonstrate a high-level knowledge of core networking concepts and technologies.
• Demonstrate a high-level knowledge of and experience operating within cloud platforms.

Non-Technical

• Bachelor’s Degree in Cybersecurity, Computer Science or equivalent.
• Experience in a SOC/Threat Intelligence/Vulnerability Management field.
• Excellent written and verbal communication skills with the ability to communicate the risk, potential impact and importance of detailed technical information to non-technical and senior stakeholders.
• Team player and adept at working in a multi-disciplinary and diverse team.
• Self-motivated and motivates others, keeping morale and performance high.
• Ability to mentor others.

Desirable Qualifications:

• Degree-level education in Cyber Security or related area.
• SANS GNFA, GCIH, GCIA, GCTD CySA+ AWS – Cloud Essentials, Security.
• EC-Council Certified Ethical Hacker or demonstrable equivalent experience.

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.