Job Title: SOC Engineering Lead
Location: London, UK
Grade: GG11
Referral Bonus: £5,000
Overview
BAE Systems are bidding to undertake the day‑to‑day operation of (and incremental improvement of) a dedicated Security Operations Centre (SOC) to support the defence of a major UK CNI organisation. The networks protected are predominantly hosted in Azure cloud platforms, with many systems within these environments that must be protected. The customer is committed to developing this improved SOC to be a benchmark of best practice and excellence, reflecting the significant threat that the protected systems face.
The SOC will be staffed by a blend of customer and BAE Systems staff, based in multiple locations, with day‑to‑day operations both remotely and on the customer’s premises. These roles require a minimum of SC clearance; sponsorship for new clearances is not possible, so candidates must have existing clearances.
As SOC Engineering Lead, you will plan and manage development, testing and implementation activities for day‑to‑day operations, delivering new or updated rules and analytics for the Azure SIEM and SOAR platforms, and produce playbooks, leading the Analytics and Rules (A&R) Teams. You will also prioritise and coordinate activities across various projects and releases, and drive long‑term improvement upgrades and activities.
The engineering team you will manage works with Protective Monitoring, Threat Intelligence and wider SOC operations to scope and define requirements for tuning existing security use cases and creating new detection content. You will plan each release and oversee design, development, testing and implementation.
Responsibilities
* Grow and evolve the customer SOC capability by documenting platforms, feeding back lessons learned and working with the wider team to establish best practices and repeatable engineering processes.
* Work with technical project managers, engineers, solution architects and end‑customer senior stakeholders; flexibility in designs and delivery methodologies is essential for timely, safety‑compliant delivery.
* Oversee deployment/implementation activities, ensuring entry criteria are met, all planned activities are completed and rollback plans are initiated where required.
* Develop, test and deploy updated and new content across the monitored estate in liaison with Operations teams.
* Take playbooks from wider SOC teams, develop technical aspects, seek approval and deploy—directly or as a mentor to the team.
* Accountable for maintenance of existing detection content to keep it current and relevant.
* Assess effectiveness of new/updated rules and analytics to inform future development.
* Review and approve all required documentation for releases or changes, including design, deployment, configuration and administration guides.
* Oversee and remain responsible for maintenance of underlying Azure and off‑Azure infrastructure related to the SOC.
* Obtain authorisation for implementing releases and changes through the Change Management process for ICT and SOC component changes.
Requirements – Technical
* Strong knowledge of Azure security functions and detection tools for large cloud estates; produce content and playbooks on Sentinel to detect security breaches.
* Knowledge of SIEM/SOAR tools (Sentinel at a minimum) and other appropriate tooling such as SOAR, Threat Intelligence and traffic analysis tools to identify signs of intrusion.
* Deep knowledge and experience of operational ICT service delivery management.
* Experience working with a range of security tooling/technology.
* Strong understanding of security architecture, especially networking.
* Detailed understanding of threat intelligence and threat actors, TTPs and operationalising threat intelligence.
* Understand TCP/IP component layers to identify normal and abnormal traffic.
* Experience undertaking SOC Analyst activities would be beneficial.
* Experience developing wider SIEM/SOAR content highly desirable.
Requirements – Non‑Technical
* Client‑side consulting, including stakeholder engagement and ability to communicate insights and concepts, briefing skills and report writing.
* Team leadership.
* Coaching mindset – help and mentor the team.
* Security process development.
* Ability to understand and adapt to different cultures and hierarchical structures.
* Self‑starter and capable of independent working.
* Team player adept at working in multidisciplinary and diverse teams.
Why BAE Systems?
This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity and merit, and empowers you to fulfil your potential. BAE welcomes candidates from all backgrounds, particularly those under‑represented in industry – women, ethnic minorities, people with disabilities and LGBTQ+ individuals. Recruitment processes are inclusive; if you have a disability or health condition that may affect assessment, speak to a recruiter about reasonable adjustments.
PLEASE NOTE
You're expected to have completed 12 months in role prior to applying for an advertised vacancy and you should also discuss the internal opportunity with your line manager to ensure sustained business continuity and further support your career development. If you can’t talk to your line manager, contact your HR Business Partner.
Should you be invited for interview, you will give consent for the Recruitment team to contact you and your line manager regarding your application. This vacancy is eligible for the UK Employee Referral Scheme. Amount: £5,000.
Life at BAE Systems Digital Intelligence
We embrace Hybrid Working. You may work from home, another BAE Systems office or client site, at different times of day. Technology enables collaboration across locations. Hybrid Working increases flexibility and work-life balance.
Diversity and inclusion are integral to our success. We celebrate varied perspectives, skills and life experiences and strive for excellence together.
Division Overview: Government
We are a leader in cyber defence, with many decades of experience in Government and key infrastructure contracts. These networks are critical to defend; breaches could be devastating. As part of the Government business unit, you will defend the connected world and protect our clients.
Seniority Level
* Mid‑Senior level
Employment Type
* Contract
Job Function
* Engineering and Information Technology
* Defense and Space Manufacturing
EEO Statement
BAE is an equal opportunity employer. We welcome candidates from all backgrounds, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals.