Lead SOC Analyst - Shift Lead at BAE Systems Digital Intelligence
Location(s): UK, Europe & Africa : UK : Leeds
BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.
Job Title: Lead SOC Analyst
Requisition ID: 121667
Location: Leeds
Grade: GG10 - GG11
Referral Bonus: £5,000
Role Description
BAE Systems has been contracted to operate and improve a dedicated Security Operations Centre (SOC) supporting a major UK CNI organisation. The networks are mainly hosted in Azure and AWS cloud platforms, with hundreds of systems to protect. The goal is to develop a SOC that is a benchmark of best practice, reflecting the significant threats faced.
The SOC will be staffed by a mix of customer and BAE staff across multiple locations, with daily operations based in Leeds for network access reasons.
The SOC Analyst roles are hands-on, shift-based roles within a 24/7 operation, responsible for using SIEM tools to detect and investigate security incidents within the monitored networks.
Roles require at least SC clearance and readiness for DV clearance.
Responsibilities
1. Prepare and deliver shift handover briefs.
2. Monitor, triage, analyze, and investigate alerts and logs to identify cyber-attacks/security incidents.
3. Classify suspected incidents per security policies.
4. Recognize intrusion attempts and compromises through detailed review and analysis.
5. Write high-quality security incident tickets using knowledge resources and research.
6. Assist with remediation activities to mitigate cyber-attacks and secure systems.
7. Produce incident review reports with recommendations for security improvements.
8. Understand and utilize Threat Intelligence operationally.
9. Support incident response to national-scale incidents, mentoring where appropriate.
10. Collaborate with other teams to enhance services based on customer needs.
11. Create workflows for automation in SOAR tools for common attack types.
12. Continuously review and improve the service and use cases based on evolving threats.
Requirements
Technical
* Basic scripting skills (Python or similar), experience with Windows, OS X, Linux.
* Experience with Splunk and Sentinel.
* Knowledge of security tools/technologies.
* Strong understanding of security architecture, especially networking.
* Knowledge of threat intelligence, TTPs, and operationalizing threat intelligence.
* Experience investigating complex network intrusions.
* Understanding of TCP/IP layers for traffic analysis.
* Knowledge of AWS and/or Azure cloud services.
* Experience with Splunk (including ES) and content development is desirable.
Non-technical
* Client engagement skills, including reporting and briefing.
* Mentoring and coaching mindset.
* Security process development skills.
* Ability to adapt to different cultures and hierarchies.
* Self-motivated and independent working capability.
* Team player with experience in diverse teams.
Desirable
* Software engineering experience.
* Penetration testing skills.
Life at BAE Systems Digital Intelligence
We embrace hybrid working, allowing remote, office, or client-site work, supported by technology for collaboration. Diversity and inclusion are core to our culture, fostering a workplace where varied perspectives and backgrounds contribute to excellence.
Additional Information
* Seniority level: Mid-Senior level
* Employment type: Full-time
* Job function: Information Technology
* Industries: IT Services and IT Consulting