SOC Engineering Lead role at BAE Systems Digital Intelligence.
Location(s): UK, Europe & Africa – London & Leeds (hybrid/flexible options available).
Requisition ID: 122577 | Grade: GG11 | Referral Bonus: £5,000.
Role Description
BAE Systems will manage day‑to‑day operations for a dedicated Security Operations Centre (SOC) supporting a major UK CNI organisation. The SOC protects Azure‑hosted networks and will operate remotely and on‑premise. The role requires an existing SC clearance; sponsorship is not available.
The SOC Engineering Lead will plan and manage development, testing, and implementation activities for the Azure SIEM and SOAR platforms, prioritise and coordinate the Analytics & Rules (A&R) team, and drive long‑term improvements. You will work closely with Protective Monitoring, Threat Intelligence and SOC operations teams to scope requirements, tune use‑cases, and deploy new detection content.
Responsibilities
* Grow and evolve the customer SOC capability by documenting platforms, feeding back lessons learned, establishing best practices, and repeating engineering processes.
* Collaborate with technical project managers, engineers, solution architects, and senior customer stakeholders.
* Oversee deployment/implementation activities, ensure entry criteria are met, and initiate rollback plans when necessary.
* Develop, test and deploy updated and new detection content across the monitored estate.
* Take playbooks from SOC teams, develop technical aspects, seek approval, and deploy – acting as mentor when needed.
* Maintain existing detection content and assess effectiveness of new rules and analytics.
* Review and approve documentation for releases or changes (design, deployment, configuration, and administration guides).
* Maintain underlying Azure and off‑Azure infrastructure related to the SOC.
* Obtain authorization for releases and changes through the Change Management process.
Requirements
Technical
* Strong knowledge of Azure security controls and detection tools; experienced with Sentinel playbooks and use‑case development.
* Experience with SIEM/SOAR tools, threat intelligence, and traffic analysis tools.
* Deep knowledge of operational ICT service delivery management.
* Understanding of security architecture, especially networking.
* Detailed knowledge of threat intelligence and threat actors, TTPs, and operationalising intelligence.
* Knowledge of TCP/IP layers and traffic analysis.
* Experience with SOC Analyst activities is beneficial.
* Experience developing wider SIEM/SOAR content highly desirable.
Non‑technical
* Client‑side consulting, stakeholder engagement, report writing and briefing skills.
* Team leadership and coaching mindset.
* Security process development.
* Cross‑cultural and hierarchical adaptability.
* Independent self‑starter and strong teamwork.
Why BAE Systems
We value diversity, integrity, and merit, and we provide a culture where you can make a real difference. We support candidates from under‑represented communities and offer reasonable adjustments for disabilities.
Internal Opportunity Note
Applicants should have completed 12 months in the relevant role and should discuss internal opportunities with their line manager or HR Business Partner to support career development.
Life at BAE Systems Digital Intelligence
Hybrid working enables flexibility across multiple locations and supports work‑life balance and well‑being. Diversity and inclusion are core to our culture.
Division Overview
As part of the Government business unit, you will defend critical networks for the UK and key infrastructure, ensuring national security and protecting client data.