SOC Engineering Lead in London

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

BAE Systems are bidding to undertake the day to day operation of (and incremental improvement of) a dedicated Security Operations Centre (SOC) to support the defence of a major UK CNI organisation. The networks protected are predominantly hosted in Azure cloud platforms, with many systems within these environments that must be protected. The customer is committed to development of this improved SOC to be a benchmark of best practice and excellence in reflection of the significant threat that the protected systems are subject to. The SOC will be staffed by a blend of customer and BAE Systems staff, based in multiple locations, but with the day to day operations both remotely and in the customer’s premises. These roles require a minimum of SC clearance. Due to timelines for the start of operations, it will not be possible to sponsor new clearances so candidates must have existing clearances.

The SOC Engineering lead is responsible for planning and managing development, testing and implementation activities for both day to day activities - delivering new / updated rules and analytics for the Azure SIEM and SOAR platforms, and production of playbooks leading the Analytics and Rules (A&R) Teams prioritising and coordinating their activities across the various projects / releases – as well as long term improvement upgrades and activities. The day-to-day focus of the Engineering team which you will manage day to day is working with the Protective Monitoring, Threat Intelligence and wider SOC operations Teams to scope and define the requirements for tuning existing security use cases and creating new detection content. This includes planning each release and overseeing all design, development, testing and implementation activities. The strategic focus of the Engineering Lead is to ensure that the detection and monitoring technology remains optimised, current and tailored to the changing threat landscape, authority risk position and technology in use.

The SOC Engineering Lead is an IT and cyber technical specialist with deep knowledge of the Cyber Monitoring technologies and cyber threat tools, tactics, techniques and procedures and demonstrable experience of prior SOC Engineering roles of a similar nature, with clear understanding of how engineering impacts the people and process aspects of a SOC.

Responsibilities

• You will help grow and evolve the customer SOC capability by documenting the platforms, feeding back lessons learned and working with the wider team in establishing best practices and repeatable engineering processes.
• You will feed back requirements that you have captured during the project continually to appropriate customer and BAE Systems management teams to help to steer the SOC roadmap.
• You will work with technical project managers, engineers, solution architects, as well as the end-customer senior stakeholders. Given the CNI client focus of this role, flexibility in our designs and delivery methodologies is essential to ensure timely and potentially safety complaint delivery to the customer’s satisfaction.
• Oversee deployment / implementation activities ensuring that entry criteria are met, all planned activities are completed and that rollback plans are initiated where required.
• Develop, test and deploy updated and new content across the monitored estate in liaison with the Operations teams.
• Take playbooks from the wider SOC teams, develop technical aspects, seek approval, and deploy - sometimes directly and sometimes as a mentor to the team.
• Accountable for the maintenance of existing detection content to ensure it remains current and relevant to the monitored estate.
• Assess the effectiveness of new / updated rules and analytics to feed into future development activities.
• Review and approve all required documentation as part of a release or change including design, deployment, configuration and administration guides.
• Oversee and remain responsible for the maintenance of underlying Azure and off-Azure infrastructure related to the SOC.
• Obtain authorisation for implementing releases and changes through the Change Management process for ICT and SOC component changes.

Requirements

Technical

• Strong knowledge of how Azure security functions work as security controls as well as detection tools to protect large cloud estates; Produce content and playbooks on Sentinel to detect security breaches and recognise the importance of threat led Use Cases.
• Knowledge of SIEM/SOAR tools (Sentinel at a minimum) and other appropriate tooling e.g. SOAR, Threat Intelligence, traffic analysis tools etc. to identify signs of an intrusion, and advise where new/improved tooling could enhance the SOC operation.
• Deep knowledge and experience of operational ICT service delivery management.
• Working with a range of security tooling/technology.
• Strong understanding of security architecture, in particular networking.
• Detailed understanding of threat intelligence and threat actors, TTPs and operationalising threat intelligence.
• Understand TCP/IP component layers to identify normal and abnormal traffic.
• Experience of undertaking SOC Analyst activities would be beneficial.
• Experience developing wider SIEM/SOAR content highly desirable.

Non-technical

• Client side consulting, including stakeholder engagement and the ability to communicate insights and concepts to others (including briefing skills and report writing).
• Team Leadership.
• Coaching mindset – help and mentor team.
• Security process development.
• Able to understand and adapt to different cultures and hierarchical structures.
• Self-starter and capable of independent working.
• Team player and adept at working in multi-disciplinary and diverse teams.

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being. Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.