Join a forward-thinking company as a Lead SOC Analyst, where you will play a crucial role in safeguarding vital networks for a major UK organization. This hands-on position involves working in a dynamic, 24/7 Security Operations Centre. You'll utilize advanced SIEM tools to detect and investigate security incidents, ensuring the integrity of critical systems. With opportunities for professional development and a focus on diversity, this role offers a unique chance to make a significant impact in the field of cybersecurity while enjoying a flexible working environment.
Location(s): UK, Europe & Africa: UK: Leeds
BAE Systems Digital Intelligence is home to 4,500 digital, cyber, and intelligence experts. We work collaboratively across 10 countries to collect, connect, and understand complex data, enabling governments, nation states, armed forces, and commercial businesses to unlock digital advantage in demanding environments.
Job Title: Lead SOC Analyst
Requisition ID: #
Location: Leeds
Grade: GG10 - GG11
Referral Bonus: £5,000
Role description
BAE Systems has been contracted to operate and improve a dedicated Security Operations Centre (SOC) supporting a major UK CNI organization. The networks are primarily hosted on Azure and AWS cloud platforms, with numerous systems requiring protection. The SOC aims to set a benchmark of best practice and excellence against significant threats.
The SOC team comprises customer and BAE Systems staff across multiple locations, with daily operations based in Leeds for network access reasons.
These are 'hands-on' shift roles within a 24/7 operation, involving working in four rotation shifts. Responsibilities include utilizing the SOC’s SIEM tools to detect and investigate security incidents within monitored networks.
Candidates must hold a minimum of SC clearance, with readiness for DV clearance.
Responsibilities
- Prepare and deliver shift handover briefs
- Monitor, triage, analyze, and investigate alerts and logs for security incidents
- Categorize incidents per policy
- Recognize intrusion attempts and compromises through detailed review
- Document incidents with quality tickets and research
- Support remediation efforts to mitigate attacks and secure systems
- Produce incident review reports with improvement recommendations
- Use threat intelligence operationally
- Support national incident response in a coaching capacity
- Collaborate with teams to enhance services
- Develop workflows for automation with SOAR tools
- Continuously review and improve service offerings
Requirements
Technical
- Basic scripting skills (Python or similar), Windows, OS X, Linux
- Experience with Splunk and Sentinel
- Familiarity with security tools and architecture, especially networking
- Understanding of threat intelligence, TTPs, and operationalization
- Experience investigating complex intrusions, including state-sponsored and ransomware
- Knowledge of TCP/IP layers and network traffic analysis
- Understanding of AWS and/or Azure cloud services
- Content development experience with Splunk (ES) and/or Sentinel is desirable
Non-technical
- Client engagement, stakeholder communication, briefing, and report writing skills
- Mentoring and coaching mindset
- Security process development
- Cultural adaptability and hierarchical awareness
- Self-motivated and capable of independent work
- Team-oriented and experienced in diverse teams
Desirable
- Software engineering experience
- Penetration testing skills
Life at BAE Systems Digital Intelligence
We embrace hybrid working, allowing flexible locations and schedules. We value diversity and inclusion, fostering a culture where varied perspectives and backgrounds lead to excellence and organizational growth.