Junior SOC Analyst – Leeds – National Security West
Location: Leeds, United Kingdom.
BAE Systems Digital Intelligence provides cyber and intelligence solutions across 10 countries. We operate a dedicated Security Operations Centre (SOC) to support a major UK Critical National Infrastructure (CNI) organisation, with day‑to‑day operations based in Leeds.
The SOC is a 24/7, shift‑rotated team that uses SIEM and SOAR to detect and investigate security incidents. Candidates must hold a current SC clearance and be eligible for DV clearance.
Responsibilities
* Monitor, triage, analyse and investigate alerts, log data and network traffic using the protective monitoring platform and internet resources.
* Categorise all suspected incidents in line with the Security Incident policy.
* Recognise potential intrusion attempts and compromises through reviews and analysis of event detail.
* Write high‑quality security incident tickets using existing knowledge resources and independent research.
* Assist with remediation activities or support customer stakeholders to inhibit cyber‑attacks and secure networks.
* Produce security incident review reports and recommend improvements.
* Understand threat intelligence and apply it in an operational environment.
* Support incident response to national‑scale incidents in a coaching capacity.
* Work with other BAE teams to improve services based on customer needs.
Requirements
Technical Skills
* Basic Python or scripting; familiarity with Windows, macOS and Linux.
* Experience with Splunk and Sentinel.
* Working knowledge of security tooling and technology stacks.
* Strong understanding of security architecture, particularly networking.
* Deep knowledge of threat intelligence, threat actors, TTPs and operationalising intelligence.
* Experience investigating complex network intrusions (state‑sponsored or ransomware).
* Understanding of TCP/IP stack layers to identify normal and abnormal traffic.
* Knowledge of AWS and/or Azure cloud services.
* Experience with Splunk Enterprise Security and Sentinel; content development desirable.
Non‑Technical Skills
* Client‑side consulting, stakeholder engagement and clear communication.
* Security process development.
* Ability to adapt to diverse cultures and hierarchical structures.
* Self‑starter capable of independent work.
Desirable
* Software engineering experience.
* Penetration testing skills.
Benefits
Hybrid working: flexible mix of office, home and client sites. Referral bonus of £5,000.