Senior Threat Detection Analyst

Location: Preston, Frimley or Filton. We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role.

Salary: Circa £50,000 depending on experience and skills.

• Triage, analyse and investigate alerts, log data and network traffic using the monitoring platforms and Internet resources to identify cyber‑attacks / security incidents.
• Delivery of core triage function as part of 24/7 protective monitoring services across a range of networks/services.
• Act as a mentor and as an escalation point within the team for technical queries.
• Ensure timely and accurate communication of incidents to IT, network or security teams across BAE Systems.
• Escalate suspected major security incidents / investigations where support is required.
• Define monitoring use cases and develop prototype rules with minimal supervision for example in response to intelligence or gaps in defences.
• Contribute to the development of the services through people, process and technology where appropriate.
• Build a comprehensive knowledge of BAE Systems IT systems to support monitoring activities and tailor remediation recommendations to systems.
• Contribute to and help define requirements for future security capabilities along with the Lead Analyst.

Essential:

• Technical background with experience of technologies including but not limited to firewalls, IDS/IPS, Active Directory, endpoint protection, Windows Server, Linux, networking, cloud and vulnerability management.
• Analytical background and comfortable analysing and interpreting large and complex data sets and articulating the story behind any observations along with providing conclusions and recommendations.
• Knowledge and experience of using tools to dissect common threats to produce usable IOCs, e.g., malicious document analysis.
• Detailed knowledge of the current threat landscape, the TTPs frequently employed in those attacks and how we can investigate and mitigate these.

Desirable:

• Background of prior experience of working in an information and/or cyber security environment (government or commercial sector).
• Previous experience working within Cyber Operations utilising SIEM platforms.
• Relevant security certifications such as CISSP, SSCP, CEH, GCIH or GCIA.

As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts – you may also be eligible for an annual incentive.

Cyber Operations is responsible for protecting BAE Systems from cyber attack by various threat actors. Not only do we protect BAE Systems and its employees, indirectly we protect those who protect us – who serve in our military and rely on the products and services we create. Across threat intelligence, detection, incident response and now active defence we work to evolve cyber operations as a world class capability.

This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity of thought, rewards integrity and merit, and where you’ll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of national security vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks.

Closing Date: 14th January 2026

We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.

Due to the festive season, there may be a delay in the processing of your application. Your application is important to us, and we will respond as soon as possible. Thank you for your understanding.