Location(s): UK, Europe & Africa: UK: Gloucester
BAE Systems Digital Intelligence is home to 4,500 digital, cyber, and intelligence experts. We work collaboratively across 10 countries to collect, connect, and understand complex data, enabling governments, armed forces, and commercial businesses to gain a digital advantage in demanding environments.
Job Title: Threat Hunter
Requisition ID: 121789
Location: Leeds – We offer hybrid and flexible working arrangements. Please discuss options with your recruiter.
Grade: GG10 – GG11
Referral Bonus: £5,000
Job Description
* Serve as the point of escalation for intrusion analysis, forensics, and incident response queries. Provide root cause analysis for complex, non-standard findings and anomalies.
* Mentor team members and share knowledge to enhance team capabilities.
* Contribute to the SOC Knowledge Repository, creating and updating content autonomously.
* Build relationships outside the HMG community with external SOCs and cybersecurity researchers to identify beneficial analytics, tradecraft, and threat intelligence.
* Develop complex KQL analytics and playbooks for detection rules against M365 environments and host-based analytics for Linux and Windows VMs.
* Review open-source research on threats impacting cloud services and prioritize implementation.
* Research vulnerabilities and produce proof-of-concept exploits to demonstrate potential compromises.
* Emulate adversary TTPs for training and detection evaluation.
* Review red team and pentest findings to improve detection rules.
* Provide forensic support and threat emulation to improve alert triage and accuracy.
* Identify gaps in SOC processes and data analysis, demonstrating the need for improvements through scenarios and red teaming.
* Perform non-routine and complex ID&A tasks, including threat hunting, automation, and analytics enrichment.
* Set vision and milestones for emulation and detection capabilities, influencing other teams.
* Adjust alert thresholds and suppressions based on signal-to-noise assessments and team risk appetite.
* Define threat hunting initiatives based on real-world risks.
* Architect detection processes to identify unusual behaviors, reduce dwell time, and optimize resource use.
* Oversee practices to improve daily operations and analyst activities.
* Lead operational team exercises and set detection strategy and goals.
* Influence team requirements for engineering, analysis, and continuous improvement.
* Devise and conduct technical interviews, evaluating candidate responses.
Experience
* Proven experience in security testing practices and techniques.
* Knowledge of Azure; AWS knowledge is desirable.
* Understanding of Windows Active Directory and Windows OS fundamentals.
* Knowledge of networking fundamentals.
* Experience with CI/CD and source control.
* Experience in writing malware and anomaly detection rules.
* Use of statistical methods for anomaly detection.
* Advanced practical experience with Microsoft Sentinel and/or Microsoft XDR.
* Proficiency in writing complex KQL analytics/searches.
* Strong awareness of the latest security threats.
* Ability to prioritize threats and assess detection effectiveness.
* Threat hunting or SOC analyst certifications are preferred.
Life at BAE Systems Digital Intelligence
We embrace hybrid working, allowing flexibility in when and where you work, including from home, offices, or client sites. We leverage technology to facilitate remote collaboration, promoting work-life balance and well-being.
Diversity and inclusion are core to our culture. We value employees' varied perspectives, skills, and backgrounds, fostering an environment where everyone can achieve excellence and reach their potential.