Lead SOC Analyst - Shift Lead

Location(s): UK, Europe & Africa: UK: Leeds

BAE Systems Digital Intelligence is home to 4,500 digital, cyber, and intelligence experts. We collaborate across 10 countries to analyze complex data, enabling governments, armed forces, and commercial entities to gain a digital advantage in demanding environments.

Job Title: Lead SOC Analyst
Requisition ID: 121667

Location: Leeds

Grade: GG10 - GG11

Referral Bonus: £5,000

Role description

BAE Systems has been contracted to operate and improve a dedicated Security Operations Centre (SOC) supporting a major UK CNI organization. The SOC primarily protects networks hosted in Azure and AWS cloud platforms, with hundreds of systems involved. The goal is to establish a benchmark of best practice in security operations, reflecting the significant threats faced by these systems.

The SOC team comprises customer and BAE Systems staff across multiple locations, with daily operations based in Leeds for network access reasons.

The SOC Analyst roles are shift-based, working in a 24/7 environment with four rotating teams. Responsibilities include using SIEM tools to detect and investigate security incidents within monitored networks.

These roles require at least SC clearance, with a readiness to undergo DV clearance.

• Prepare and deliver shift handover briefs
• Monitor, triage, analyze, and investigate alerts and log data to identify cyber-attacks or security incidents
• Classify suspected incidents according to policy
• Detect intrusion attempts and compromises through analysis of event details
• Document security incidents thoroughly and accurately
• Assist with remediation activities to mitigate cyber threats and secure systems
• Generate incident review reports with security improvement recommendations
• Utilize threat intelligence in operational activities
• Support incident response efforts, including coaching
• Collaborate with other teams to enhance services based on client needs
• Develop workflows for automation in SOAR tools
• Continuously review and improve security use cases and threat response strategies

Requirements

Technical Skills

• Basic scripting skills in Python or similar, familiarity with Windows, OS X, Linux
• Experience with Splunk and Sentinel
• Knowledge of security tools and technologies
• Strong understanding of security architecture and networking
• Knowledge of threat intelligence, TTPs, and operationalization
• Experience investigating complex network intrusions
• Understanding TCP/IP traffic analysis
• Experience with AWS and/or Azure cloud services
• Content development experience with Splunk (ES) and/or Sentinel is desirable

Non-technical Skills

• Client engagement and stakeholder communication skills
• Mentoring and coaching mindset
• Experience in security process development
• Cultural adaptability and hierarchical awareness
• Self-motivated and independent working ability
• Teamwork and collaboration skills in diverse environments

Desirable Skills

• Software engineering background
• Penetration testing capabilities

Life at BAE Systems Digital Intelligence

We support hybrid working, allowing flexible locations and schedules. Our culture emphasizes diversity and inclusion, fostering a collaborative environment where varied perspectives drive excellence.