Front Line Analyst – National Security – Leeds

BAE Systems

Leeds

Hybrid

GBP 40,000 - 60,000

Full time

12 days ago

Job summary

A leading company specializing in digital intelligence is seeking a Front Line Analyst to enhance cybersecurity measures. This role involves monitoring for intrusions, conducting threat analysis, and mentoring junior analysts. Candidates should possess relevant experience and certifications in cyber security, particularly in intrusion analysis and threat hunting. We promote a flexible working environment, embracing diversity and collaboration.

Qualifications

  • Knowledge of intrusion analysis on Windows devices and servers.
  • Experience with Azure cloud services and attack methods.
  • Relevant security certifications (SANS, CompTIA) desired.

Responsibilities

  • Conduct cybersecurity monitoring to detect hacking and malware attempts.
  • Create and maintain SIEM/SOAR playbooks adapting to evolving threats.
  • Lead threat hunting workgroups and deliver training to teams.

Skills

Intrusion analysis
Cybersecurity monitoring
Networking concepts
Threat hunting
SIEM/SOAR practices

Education

Degree in Cyber Security or related field
Certifications like CompTIA Network+, Security+
SANS GCIH, GCIA or similar certifications

Tools

Microsoft Graph API
Azure
AWS Cloud Essentials

Job description

Location(s): UK, Europe & Africa: UK: Leeds

BAE Systems Digital Intelligence is home to 4,500 digital, cyber, and intelligence experts. We work across 10 countries to collect, connect, and understand complex data, enabling governments, armed forces, and commercial businesses to unlock digital advantages in demanding environments.

Job Title: Front Line Analyst

Requisition ID: 121791

Location: Leeds – We offer hybrid and flexible working arrangements. Please discuss options with your recruiter.

Grade: GG08

Referral Bonus: £2,000

Job Description

  • Conduct cybersecurity monitoring to detect hacking/malware intrusion attempts against customer IT systems.
  • Triage detection alarms to identify causes such as active infections, intrusion attempts, or false positives.
  • Identify and document attack sources, techniques, tactics, and procedures (TTPs), and assess attack scope.
  • Document attack chain details and update detection capabilities accordingly.
  • Maintain monitoring effectiveness by creating and updating SIEM/SOAR playbooks, adapting to evolving TTPs.
  • Use intrusion analysis skills to contribute to new detection techniques and research industry capabilities.
  • Coordinate with government or commercial security operation centers for root cause analysis.
  • Create KQL analytics and hunt queries, conduct IOC and anomaly-based threat hunts.
  • Identify and tag incorrect alert logic or high false positive detection rules for review.
  • Transform internal and partner threat intelligence into actionable detections.
  • Coach junior analysts and colleagues as needed.
  • Lead threat hunting workgroups during complex TTPs across industries.
  • Deliver training and workshops to promote security awareness and knowledge sharing.
  • Provide daily SITREPs on attacker activity.

Experience

  • Knowledge of intrusion analysis on Windows devices and servers.
  • Experience with intrusion analysis in Azure, including attacker methods like ‘living off the cloud’ (e.g., Microsoft Graph API, app registrations, managed identities).
  • Ability to research and learn new tools and techniques quickly.
  • Good working knowledge of MITRE ATT&CK framework.
  • Understanding of networking concepts and protocols (TCP/IP, UDP, DNS, DHCP, HTTP).
  • Experience with intrusion analysis on Windows and Azure cloud architecture.
  • Relevant certifications such as SANS GCIH, GCIA, or similar.
  • Understanding of operating system functionalities.
  • Ability to develop hypotheses and perform threat hunting in Azure cloud or Windows device data.

Desirable Qualifications

  • Degree in Cyber Security or related field.
  • Certifications like CompTIA Network+, Security+, CREST (Intrusion Analyst, Cyber Threat Intelligence), Azure (AZ900, SC200, SC900), AWS Cloud Essentials.
  • SANS GCIH, GCIA, or similar certifications.

Life at BAE Systems Digital Intelligence

We embrace hybrid working, allowing flexibility in when and where you work, including from home, offices, or client sites. We foster a culture of diversity and inclusion, encouraging employees of varied backgrounds and perspectives to collaborate and achieve excellence.
