Front Line Analyst - National Security - Leeds

Babcock

Leeds

Hybrid

GBP 35,000 - 50,000

Full time

11 days ago

Job summary

A leading company in cyber security seeks a Front Line Analyst to monitor and analyze security incidents. The role includes conducting cyber surveillance, responding to alerts, and developing detection methodologies while coaching junior analysts. Ideal candidates will have a background in Azure, Windows intrusion analysis, and relevant certifications.

Benefits

Flexible working arrangements
Diversity and inclusion culture

Qualifications

  • Relevant certifications such as SANS GCIH or similar required.
  • Knowledge of intrusion analysis, especially on Azure and Windows devices.
  • Good understanding of MITRE ATT&CK Framework.

Responsibilities

  • Conduct cyber security monitoring for detection of hacking/malware.
  • Identify and document attack methods and sources.
  • Lead threat hunting workgroups during incidents.

Skills

Intrusion analysis
Knowledge of networking concepts
Ability to quickly research
Threat hunting
Communication with security centers

Education

Degree in Cyber Security or related field
Certifications like CompTIA Network+ / Security+

Tools

Microsoft Graph API
SIEM/SOAR

Job description

Location(s): UK, Europe & Africa : UK : Leeds

BAE Systems Digital Intelligence is home to 4,500 digital, cyber, and intelligence experts. We work collaboratively across 10 countries to collect, connect, and understand complex data, enabling governments, armed forces, and commercial businesses to unlock digital advantage in demanding environments.

Job Title: Front Line Analyst

Requisition ID: 121791

Location: Leeds - We offer a range of hybrid and flexible working arrangements. Please speak to your recruiter about options for this role.

Grade: GG08

Referral Bonus: £2,000

Job Description
  • Conduct cyber security monitoring to detect hacking/malware intrusion attempts against customer IT.
  • Perform full triage of detection alarms to identify the cause, such as active infection, intrusion attempt, or false positive.
  • Identify and document attack sources, techniques, tactics, and procedures (TTPs), and assess attack extent.
  • Capture and feed back attack chain details into detection capabilities.
  • Ensure monitoring effectiveness by creating and updating SIEM/SOAR playbooks aligned with attacker TTPs.
  • Use intrusion analysis skills to contribute to new detection techniques and research industry capabilities.
  • Communicate with government or commercial security operation centers for root-cause analysis.
  • Create low- to medium-complexity KQL analytics and hunt queries, conduct IOC- and anomaly-based threat hunts, and identify root causes.
  • Identify and tag incorrect alert logic and high false positive detection rules for review.
  • Transform internal and partner threat intelligence into actionable detections.
  • Coach junior analysts and colleagues as needed.
  • Lead threat hunting workgroups during events for complex TTPs across industries.
  • Deliver ad-hoc training and workshops to promote security awareness and team knowledge.
  • Provide daily SITREPs on attacker activity to local teams.
Experience
  • Knowledge of intrusion analysis on Windows end-user devices and servers.
  • Knowledge of intrusion analysis on Azure, including attacker methods like 'living off the cloud' using Microsoft Graph API, app registrations, and managed identities.
  • Ability to quickly research and learn new tools and techniques.
  • Good working knowledge of MITRE ATT&CK Framework.
  • Understanding of networking concepts and protocols (TCP/IP, UDP, DNS, DHCP, HTTP, etc.).
  • Experience with intrusion analysis on Windows devices and Azure cloud architecture.
  • Relevant certifications such as SANS GCIH, GCIA, or similar incident response/forensics certifications.
  • Understanding of Operating System functionality and operations.
  • Ability to develop hypotheses and perform threat hunting in Azure cloud or Windows device data.
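The Azure items above ask for KQL hunt queries and for recognising "living off the cloud" activity through the Microsoft Graph API, app registrations and managed identities. The following Python is an added example, not code from the posting or from the employer: it runs two such hunts (a watchlisted Graph application permission granted to a service principal, and a new app credential followed by a service-principal sign-in from a never-seen IP) over constructed Entra audit-log and service-principal sign-in records, in the shape an analyst would otherwise express as KQL over AuditLogs and AADServicePrincipalSignInLogs. The watchlist of app roles, the join on display name and every record are assumptions for illustration.

```python
"""Hunts for 'living off the cloud' activity in Microsoft Entra logs.

Added example, not from the posting or the employer. Field names follow the
public Entra audit / sign-in log schema; every record is constructed.
"""
from datetime import datetime, timedelta

# Assumption: a short watchlist of Microsoft Graph *application* permissions
# (app roles) that let a service principal act tenant-wide without any user.
HIGH_PRIV_GRAPH_APP_ROLES = {
    "Directory.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory",
    "Application.ReadWrite.All",
    "Mail.Read",
    "Mail.ReadWrite",
    "Files.ReadWrite.All",
}

# Operation names as they appear in Entra audit logs (the real export uses an
# en dash in the second one; a plain hyphen keeps this sample ASCII).
OP_APP_ROLE_GRANT = "Add app role assignment to service principal"
OP_CREDENTIAL_ADD = "Update application - Certificates and secrets management"


def ts(value: str) -> datetime:
    """Parse the ISO-8601 'Z' timestamps used in Entra log exports."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


# Constructed AuditLogs records.
AUDIT_LOGS = [
    {   # Mail.Read granted to an app: reads every mailbox without a user token
        "activityDateTime": "2024-05-01T08:00:00Z", "operationName": OP_APP_ROLE_GRANT,
        "initiatedBy": {"user": {"userPrincipalName": "alice@example.com"}},
        "targetResources": [{"displayName": "Finance Sync", "type": "ServicePrincipal",
            "modifiedProperties": [{"displayName": "AppRole.Value", "newValue": "\"Mail.Read\""}]}],
    },
    {   # A role that is not on the watchlist: no hit
        "activityDateTime": "2024-05-01T08:05:00Z", "operationName": OP_APP_ROLE_GRANT,
        "initiatedBy": {"user": {"userPrincipalName": "alice@example.com"}},
        "targetResources": [{"displayName": "Inventory Bot", "type": "ServicePrincipal",
            "modifiedProperties": [{"displayName": "AppRole.Value", "newValue": "\"User.Read.All\""}]}],
    },
    {   # A new client secret added to the same app registration
        "activityDateTime": "2024-05-01T09:00:00Z", "operationName": OP_CREDENTIAL_ADD,
        "initiatedBy": {"user": {"userPrincipalName": "alice@example.com"}},
        "targetResources": [{"displayName": "Finance Sync", "type": "Application", "modifiedProperties": []}],
    },
]

# Constructed AADServicePrincipalSignInLogs records.
SERVICE_PRINCIPAL_SIGNINS = [
    {"createdDateTime": "2024-04-20T10:00:00Z", "servicePrincipalName": "Finance Sync",
     "ipAddress": "203.0.113.10", "resourceDisplayName": "Microsoft Graph"},   # baseline IP
    {"createdDateTime": "2024-05-01T09:30:00Z", "servicePrincipalName": "Finance Sync",
     "ipAddress": "198.51.100.77", "resourceDisplayName": "Microsoft Graph"},  # new IP after secret add
    {"createdDateTime": "2024-05-01T10:00:00Z", "servicePrincipalName": "Finance Sync",
     "ipAddress": "203.0.113.10", "resourceDisplayName": "Microsoft Graph"},   # known IP: no hit
    {"createdDateTime": "2024-05-01T11:00:00Z", "servicePrincipalName": "Inventory Bot",
     "ipAddress": "198.51.100.77", "resourceDisplayName": "Microsoft Graph"},  # no credential change: no hit
]


def actor(record: dict) -> str:
    """Audit records are initiated by a user or by an app; report whichever is present."""
    by = record.get("initiatedBy", {})
    return ((by.get("user") or {}).get("userPrincipalName")
            or (by.get("app") or {}).get("displayName") or "unknown")


def hunt_high_privilege_grants(audit: list) -> list:
    """Hunt 1: watchlisted Graph app roles assigned to a service principal.
    Returns (time, service principal, role, actor) tuples."""
    hits = []
    for rec in audit:
        if rec["operationName"] != OP_APP_ROLE_GRANT:
            continue
        for target in rec["targetResources"]:
            for prop in target.get("modifiedProperties", []):
                role = prop["newValue"].strip('"')  # the value is JSON-encoded in the log
                if prop["displayName"] == "AppRole.Value" and role in HIGH_PRIV_GRAPH_APP_ROLES:
                    hits.append((rec["activityDateTime"], target["displayName"], role, actor(rec)))
    return hits


def hunt_new_credential_then_new_ip(audit: list, signins: list,
                                    window: timedelta = timedelta(hours=24)) -> list:
    """Hunt 2: a credential added to an app, then a service-principal sign-in within
    `window` from an IP never seen for that app before the credential was added.
    Joins on display name for readability (assumption); a production query would
    join on appId / servicePrincipalId. Returns (time, app, ip, resource) tuples."""
    first_cred_add = {}
    for rec in audit:
        if rec["operationName"] != OP_CREDENTIAL_ADD:
            continue
        when = ts(rec["activityDateTime"])
        for target in rec["targetResources"]:
            name = target["displayName"]
            first_cred_add[name] = min(first_cred_add.get(name, when), when)

    hits = []
    for app, added in first_cred_add.items():
        app_signins = [s for s in signins if s["servicePrincipalName"] == app]
        baseline_ips = {s["ipAddress"] for s in app_signins if ts(s["createdDateTime"]) < added}
        for s in app_signins:
            when = ts(s["createdDateTime"])
            if added <= when <= added + window and s["ipAddress"] not in baseline_ips:
                hits.append((s["createdDateTime"], app, s["ipAddress"], s["resourceDisplayName"]))
    return hits


if __name__ == "__main__":
    for hit in hunt_high_privilege_grants(AUDIT_LOGS):
        print("high-privilege Graph app role granted:", hit)
    for hit in hunt_new_credential_then_new_ip(AUDIT_LOGS, SERVICE_PRINCIPAL_SIGNINS):
        print("new credential then sign-in from new IP:", hit)
```

Both hunts are hypothesis-driven rather than IOC-driven: the first keys on a permission watchlist, the second on a per-app IP baseline, so neither depends on knowing the attacker's infrastructure in advance. A managed identity shows up in the same sign-in table as any other service principal, so the second hunt covers that case once the join key is the principal's id.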
Desirable Qualifications
  • Degree in Cyber Security or related field.
  • Certifications like CompTIA Network+ / Security+.
  • CREST certifications - Intrusion Analyst, Cyber Threat Intelligence.
  • Azure certifications - AZ900, SC200, SC900.
  • AWS Cloud Essentials.
  • SANS GCIH, GCIA, or similar.
Life at BAE Systems Digital Intelligence

We embrace hybrid working, allowing flexibility in when and where you work, including from home, offices, or client sites. We leverage technology to facilitate remote interaction, collaboration, and creation, promoting work-life balance and well-being.

Diversity and inclusion are core to our success. We foster a culture where diverse perspectives, skills, and backgrounds are valued, enabling us to achieve excellence and unlock individual and organizational potential.
