Shift Lead Senior SOC Analyst - National Security
Location(s): UK, Europe & Africa : UK : Leeds
BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.
About the role
BAE Systems Digital Intelligence have been contracted to undertake the day to day operation of (and incremental improvement of) a dedicated Security Operations Centre (SOC) to support the defence of a major UK CNI organisation. The networks protected are predominantly hosted in Azure and AWS cloud platforms, with many hundred systems within these environments that must be protected. The customer is committed to development of this improved SOC to be a benchmark of best practice and excellence in reflection of the significant threat that the protected systems are subject to.
The SOC is staffed by a blend of customer and BAE Systems staff, based in multiple locations, but with the day to day operations based from our Leeds office.
We are looking for additional Senior SOC Analysts who will act as shift leads. These are ‘hands-on’ shift based roles, working as part of a 24/7 operation with four shift teams working in a standard rotation. You will be responsible for utilising the SOC’s SIEM and SOAR toolsets to detect and investigate potential Security and Service Incidents occurring within the monitored networks.
These roles require a minimum of SC clearance and candidates need to be prepared to undergo DV clearance.
Due to the nature of the SOC contract, these roles are office based full-time.
- Manage the shift and liaise with the Operations manager to agree leave and training in line with minimum staffing levels.
- Ensure that the shift handover brief is prepared and delivered to the incoming shift
- Monitor, triage, analyse and investigate alerts, log data and network traffic using the Protective Monitoring platform and Internet resources to identify cyber-attacks / security incidents.
- Categorise all suspected incidents in line with the Security Incident policy
- Recognise potential, successful and unsuccessful intrusion attempts and compromises through reviews and further analysis of relevant event detail and incident summary information.
- Write up high quality security incident tickets using a combination of existing knowledge resources and independent research.
- Assist with remediation activities and conduct permitted remediation (or support customer stakeholders) to inhibit cyber-attacks, clean up IT systems and secure networks against repeat attacks.
- Produce security incident review reports to present information about the security incident and provide security improvement recommendations based on the security incident review.
- Understand Threat Intelligence and its use in an operational environment
- Support incident response to national scale incidents in a coaching capacity
- Work with other teams within BAE to improve services on the basis of customer needs.
- Produce new workflows for automation into SOAR tools for common attack types.
- Continually improve the service and review use cases and propose changes and enhancements in line with the changing threat.
Skill and experience required
- Basic Python and/or scripting skills, Windows, OS X, and Linux
- Experience using Splunk and Sentinal
- Working with a range of security tooling/technology
- Strong understanding of security architecture, in particular networking
- Detailed understanding of threat intelligence and threat actors, TTPs and operationalising threat intelligence.
- Experience in investigating complex network intrusions (by state-sponsored groups or targeted ransomware attacks).
- Understand TCP/IP component layers to identify normal and abnormal traffic
- Understanding of AWS &/or Azure cloud services
- Experience of Splunk (with ES) &/or Sentinel, content development experience desirable
- Client side consulting, including stakeholder engagement and the ability to communicate insights and concepts to others (including briefing skills and report writing)
- Coaching mindset: the longer term role is not to do the job for the customers, but to mentor them to do it themselves.
- Security process development
- Able to understand and adapt to different cultures and hierarchical structures.
- Self-starter and capable of independent working
- Team player and adept at working in multi-disciplinary and diverse teams
- Software engineering experience
- Penetration testing skills
Life at BAE Systems Digital Intelligence
We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day.
By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.
Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.
Division overview: Capabilities
At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Capabilities is the engine that keeps the business moving forward. It is the largest area of Digital Intelligence, containing our Engineering, Consulting and Project Management teams that design and implement the defence solutions and digital transformation projects that make us a globally recognised brand in both the public and private sector.
As a member of the Capabilities team, you will be creating and managing the solutions that earn us our place in an ever changing digital world. We all have a role to play in defending our clients, and this is yours.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
More jobs like this
Madrid, Spain Madrid, Spain Full TimeSenior Senior-levelUSD 60K - 112K * USD 60K+ *
Senior Support Operations - Program Manager - Vulnerability ManagementAgile Analytics Automation Compliance Computer Science Data Analytics +7
Career development Equity Fitness / gym Flex vacation Insurance +2
Kyiv, Kyiv city, Ukraine … Kyiv, Kyiv city, Ukraine - Remote Full TimeSenior Senior-levelUSD 42K - 78K * USD 42K+ *
Junior Web Analyst for anti-malware product - Remote/WorkAnywhereCloud Linux Malware Privacy
Career development Flex hours Flex vacation Medical leave Unlimited paid time off
Martlesham Heath, Ipswich, United … Martlesham Heath, Ipswich, United Kingdom Full TimeSenior Senior-levelUSD 60K - 112K * USD 60K+ *
Senior Manager- Future Cyber DefenceAnalytics Artificial Intelligence Computer Science Strategy
Career development Competitive pay Flex hours Salary bonus Team events
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Consultant infrastructure sécurité H/F jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Product Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Ingénieur DevSecops H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open Security Specialist jobs
- Open Senior Cyber Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open ISO 27001-related jobs
- Open CISM-related jobs
- Open Analytics-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open CISA-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs
- Open IDS-related jobs
- Open CI/CD-related jobs
- Open APIs-related jobs
- Open Splunk-related jobs