Location(s): UK, Europe & Africa: UK: Leeds
BAE Systems Digital Intelligence is home to 4,500 digital, cyber, and intelligence experts. We work collaboratively across 10 countries to collect, connect, and understand complex data, enabling governments, nation states, armed forces, and commercial businesses to unlock digital advantages in demanding environments.
Cyber Threat Hunter
Job Title: Cyber Threat Analyst
Requisition ID: #
Location: Leeds and surrounding area
Grade: GG08 - GG09
Referral Bonus: £5,000
Role Description
BAE Systems has been contracted to operate and improve a dedicated Security Operations Centre (SOC) to support the defense of a major UK Critical National Infrastructure (CNI) organization. The networks protected are primarily cloud-hosted with numerous systems requiring protection. The customer aims to develop this SOC to be a benchmark of best practice, reflecting the significant threats faced.
This role requires at least SC clearance, with potential for DV clearance in the future.
The role reports to the Delivery Lead/PMO and involves:
- Creating Threat Hunt Hypotheses and running Threat Hunts regularly
- Translating hypotheses into KQL queries, executing them, and triaging results
- Understanding attacker TTPs and APT groups for in-depth research
- Verifying and refining Threat Hunt queries
- Experience in Incident Response and Management
- Ensuring high-quality Threat Hunt Reports and documentation
- Providing analysis, context, and predictions
- Assessing and improving the function's maturity, including productization of improvements
- Being a point of contact for intrusion analysis, forensics, and incident response queries
- Completing ad-hoc and regular products during capacity constraints
- Deep knowledge of cyber threat intelligence frameworks like Cyber Kill Chain and MITRE ATT&CK
- Developing new analytics and playbooks for detection rules
Requirements
Technical
- 3+ years in Cyber Threat Intelligence, research, and investigation
- Experience in incident response and management
- Knowledge of threats to government and CNI
- Strong open-source research skills
- High-level understanding of Windows, Azure, networking, and cloud platforms
Non-Technical
- Bachelor’s Degree in Cybersecurity, Computer Science, or equivalent
- Experience in SOC, Threat Intelligence, or Vulnerability Management
- Excellent communication skills for technical and non-technical audiences
- Team player, self-motivated, and able to mentor
Desirable Qualifications
- Degree in Cyber Security or a related field
- SANS certifications (GNFA, GCIH, etc.)
- CySA+, CREST certifications, Azure and AWS security certifications, EC-Council CEH
Life at BAE Systems Digital Intelligence
We embrace hybrid working, providing flexibility to work from home, offices, or client sites. We foster diversity and inclusion, encouraging a culture where varied perspectives and backgrounds thrive to achieve excellence.