Lead SOC Analyst - Shift Lead

Location(s): UK, Europe & Africa : UK : Leeds

BAE Systems Digital Intelligence is home to 4,500 digital, cyber, and intelligence experts. We work collaboratively across 10 countries to collect, connect, and understand complex data, enabling governments, armed forces, and commercial businesses to unlock digital advantage in demanding environments.

Job Title: Lead SOC Analyst
Requisition ID: 121667

Location: Leeds

Grade: GG10 - GG11

Referral Bonus: £5,000

BAE Systems has been contracted to operate and improve a dedicated Security Operations Centre (SOC) supporting a major UK CNI organization. The SOC primarily protects networks hosted in Azure and AWS cloud platforms, with hundreds of systems involved. The goal is to develop a benchmark of best practice and excellence, reflecting the significant threats faced.

The SOC team will be a mix of customer and BAE Systems staff, with daily operations based in Leeds for network access reasons. The SOC Analyst roles are shift-based, working as part of a 24/7 operation across four teams. Responsibilities include using SIEM tools to detect, investigate, and respond to security incidents within monitored networks.

These roles require at least SC clearance, with potential for DV clearance.

• Prepare and deliver shift handover briefs.
• Monitor, triage, analyze, and investigate alerts, logs, and network traffic to identify cyber-attacks or security incidents.
• Classify suspected incidents according to policy.
• Recognize intrusion attempts and compromises through analysis of event details.
• Write high-quality security incident tickets using knowledge resources and independent research.
• Assist with remediation activities to inhibit attacks, clean systems, and secure networks.
• Produce incident review reports and recommend security improvements.
• Understand and utilize Threat Intelligence in operations.
• Support incident response to national-scale incidents, offering coaching.
• Collaborate with other teams to enhance services based on customer needs.
• Create workflows for automation in SOAR tools for common attack types.
• Continuously review and improve the service, proposing changes in response to evolving threats.

• Basic Python/scripting skills; Windows, OS X, Linux
• Experience with Splunk and Sentinel
• Knowledge of security tools and technologies
• Strong understanding of security architecture, especially networking
• Knowledge of threat intelligence, TTPs, and operationalization
• Experience investigating complex network intrusions
• Understanding TCP/IP layers for traffic analysis
• Experience with AWS and/or Azure cloud services
• Experience with Splunk (with ES) and Sentinel, content development preferred

• Client consulting, stakeholder engagement, and communication skills
• Mentoring and coaching mindset
• Security process development
• Ability to adapt to different cultures and hierarchies
• Self-motivated and independent working skills
• Team player, capable of working in diverse teams

• Software engineering experience
• Penetration testing skills

We embrace hybrid working, allowing flexibility in location and hours. We foster a culture of diversity and inclusion, valuing different perspectives and backgrounds to achieve excellence.