Location(s): UK, Europe & Africa : UK : Leeds 

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

SOC TI and Vulnerability Lead  

Role description

BAE Systems have been contracted to undertake the day to day operation of (and incremental improvement of) a dedicated Security Operations Centre (SOC) to support the defence of a major UK CNI organisation.  The networks protected are predominantly hosted in Azure and AWS cloud platforms, with many hundred systems within these environments that must be protected.  The customer is committed to development of this improved SOC to be a benchmark of best practice and excellence in reflection of the significant threat that the protected systems are subject to.

The SOC will be staffed by a blend of customer and BAE Systems staff, based in multiple locations, but with the day to day operations based from our Leeds office (due to the need for customer network access available at this location).

The Threat Intelligence Lead collates relevant Threat Intelligence (TI) for the SOC. This includes understanding vulnerabilities, cyber defences and the attack paths that an attacker may use to gain access to the monitored estate.

The day-to-day focus of the Threat Intelligence Lead is establishing and maintaining threat data sources, defining threat intelligence requirements and developing high quality TI outputs tailored for the SOC and in support on incident management and response. This includes performing research, developing reports and briefings and, ensuring the latest and most appropriate IoCs are installed on the detection platforms across the whole SOC along with providing the relevant context to the SOC analysts.

These roles require a minimum of DV clearance.  Due to timelines for the start of operations, it will not be possible to sponsor new clearances so candidates must have existing clearances.

Position is expected to work from company offices on a full time basis although some home working may be possible.

Responsibilities

• Produce and maintain threat assessments to provide a clear understanding of the customer threat landscape.
• Maintain the IoC database tailored to the monitored environment and threats and ensure changes are pushed to the detection systems in a timely manner.
• Maintain threat profiles and threat modelling and applicability to the monitored estate along with updating the modelling to detail what detection and controls are in place to mitigate the threats.
• Gather and maintain a set of TI requirements that define the threats that will be monitored, tracked and researched by the TI Team.
• Oversee the collection, collation and maintenance of threat data collected from open and closed sources and ensure it appropriately validated.
• Conduct analysis and research to determine the identity, motivations, relationships, targets / victims, capabilities, tooling and infrastructure of threat groups relevant to customer.

Requirements

Technical

• Working in a Threat Intelligence team developing threat intelligence products for technical and non-technical audiences.
• Performing malware analysis and reverse engineering.
• Conducting threat assessments and defining threat intelligence requirements.
• Developing and maintaining threat data sources.
• Advanced knowledge of Windows and Linux operating systems and use of the command line.
• Advanced knowledge of core networking concepts and technologies e.g. TCP/IP.
• Intermediate knowledge of malware behaviour and techniques employed by attackers to evade security controls.
• Intermediate knowledge of malware analysis and reverse engineering techniques.

Non-technical

• Client side consulting, including stakeholder engagement and the ability to communicate insights and concepts to others (including briefing skills and report writing)
• Able to understand and adapt to different cultures and hierarchical structures.
• Team player and adept at working in multi-disciplinary and diverse teams

•  Proven analytical skills capable of solving new and complex technical problems.
• Excellent written and verbal communication skills with the ability to communicate the impact and importance of detailed technical information to non-technical and senior audiences.
• Leading and managing small teams of highly skilled technical people.
• Managing and building relationships with customer and internal stakeholders.
• Self-motivated and motivates others keeping morale and performance high.

Life at BAE Systems Digital Intelligence 

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day.

By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.