Front Line Analyst – National Security – Leeds

BAE Systems (New)

Leeds

Hybrid

GBP 40,000 - 55,000

Full time

12 days ago

Job summary

BAE Systems Digital Intelligence is seeking a Front Line Analyst in Leeds to conduct cyber security monitoring and provide expertise in intrusion analysis. This role demands strong knowledge of networking, the MITRE ATT&CK framework, and the ability to create actionable detections. Hybrid working is supported to promote work-life balance, and a referral bonus is available for successful candidates.

Benefits

Hybrid working arrangements
Diversity and inclusion initiatives

Qualifications

  • Knowledge of Intrusion Analysis on Windows devices and servers.
  • Understanding of MITRE ATT&CK Framework.
  • Certifications like SANS or CompTIA Network+/Security+ are advantageous.

Responsibilities

  • Conduct Cyber Security Monitoring to detect hacking/malware intrusions.
  • Perform triage of detection alarms and document attack sources.
  • Communicate with security operations centers for root-cause analysis.

Skills

Intrusion Analysis
Cyber Security Monitoring
Threat Hunting
Networking Concepts
KQL Analytics

Education

Degree in Cyber Security or related field

Tools

Microsoft Graph API
Azure Cloud Architecture

Job description

Location(s): UK, Europe & Africa : UK : Leeds

BAE Systems Digital Intelligence is home to 4,500 digital, cyber, and intelligence experts. We work across 10 countries to collect, connect, and understand complex data, enabling governments, armed forces, and commercial businesses to unlock digital advantage in demanding environments.

Job Title: Front Line Analyst

Requisition ID: 121791

Location: Leeds – We offer hybrid and flexible working arrangements. Please speak to your recruiter about options for this role.

Grade: GG08

Referral Bonus: £2,000

Job Description

  • Conduct Cyber Security Monitoring to detect hacking/malware intrusion attempts against customer IT.
  • Perform full triage of detection alarms to identify the cause, such as active infection, intrusion attempts, or false positives.
  • Identify and document attack sources, techniques, tactics, and procedures (TTPs) used in detected attacks, from start to finish.
  • Capture and feed attack chain details into detection capabilities.
  • Ensure monitoring effectiveness by creating and updating SIEM/SOAR playbooks, adapting to evolving attacker TTPs.
  • Use Intrusion Analysis skills to contribute to new detection techniques and research industry capabilities.
  • Communicate with government or commercial security operations centers for root-cause analysis.
  • Create low to medium complexity KQL analytics and hunt queries, conduct IOC and anomaly-based threat hunts.
  • Identify and tag incorrect alert logic or high false positive detection rules for review.
  • Transform Threat Intelligence into actionable detections.
  • Coach junior analysts and colleagues as needed.
  • Lead Threat Hunting workgroups during events for complex TTPs across industries.
  • Deliver ad-hoc training and workshops to promote security awareness and knowledge sharing.
  • Provide daily SITREPs on attacker activity.

Experience

  • Knowledge of Intrusion Analysis on Windows devices and servers.
  • Knowledge of Intrusion Analysis in Azure, including attacker methods like ‘living off the cloud’ using Microsoft Graph API, app registrations, and managed identities.
  • Ability to research and learn new tools and techniques quickly.
  • Good understanding of the MITRE ATT&CK Framework.
  • Strong knowledge of networking concepts and protocols (TCP/IP, UDP, DNS, DHCP, HTTP).
  • Experience in Intrusion Analysis on Windows Devices and Azure Cloud Architecture.
  • Relevant certifications such as SANS or similar in incident response/forensics.
  • Understanding of Operating System functionality and operations.
  • Ability to develop hypotheses and perform threat hunting in Azure cloud or Windows data.

Desirable Qualifications

  • Degree in Cyber Security or related field.
  • Certifications like CompTIA Network+/Security+, CREST (Intrusion Analyst, Cyber Threat Intelligence), Azure AZ900, SC200, SC900, AWS Cloud Essentials, SANS GCIH, GCIA.

Life at BAE Systems Digital Intelligence

We embrace hybrid working, allowing flexibility in when and where we work, to support work-life balance and well-being.

Diversity and inclusion are core to our culture. We value varied perspectives, skills, and backgrounds, fostering a collaborative environment where everyone can achieve their potential.
