
Threat Hunter - National Security - Leeds

BAE

Gloucester

Hybrid

GBP 50,000 - 70,000

Full time

4 days ago

Job summary

A leading cybersecurity firm is seeking a Threat Hunter to analyze intrusions and mentor team members. This role involves developing detection analytics in cloud environments and requires solid knowledge of Azure and AWS. Candidates should have experience in security testing and threat detection. Flexible working arrangements are available.

Qualifications

  • Experience in security testing practices and techniques.
  • Knowledge of cloud platforms like Azure and AWS.
  • Strong knowledge of current security threats.

Responsibilities

  • Serve as the point of escalation for incident response.
  • Develop complex KQL analytics for detection.
  • Perform threat hunting and analytic enrichment tasks.
  • Mentor team members and share knowledge.

Skills

Security testing practices
Knowledge of Azure
Knowledge of AWS
Windows Active Directory fundamentals
Networking fundamentals
CI/CD and source control
Malware detection
Statistical methods for anomaly detection
Microsoft Sentinel/XDR
Threat hunting or SOC analyst certifications

Job description


Threat Hunter - National Security - Leeds, Gloucester

Client: BAE

Location: Gloucester, United Kingdom

Job Category: Other


EU work permit required: Yes

Job Reference: dbc40c959261
Job Views: 15
Posted: 12.08.2025
Expiry Date: 26.09.2025
Job Description:

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

Job Title: Threat Hunter

Requisition ID: 121789

Location: Leeds - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role.

Grade: GG10 - GG11

Responsibilities:
  • Serve as the point of escalation for intrusion analysis, forensics, and Incident Response queries.
  • Provide root cause analysis of complex findings and anomaly-based detections.
  • Mentor team members and share knowledge via the SOC Knowledge Repository.
  • Build relationships with external SOCs and cybersecurity researchers to identify analytics and threat intelligence.
  • Develop complex KQL analytics and playbooks for detection in cloud and on-prem environments.
  • Review open-source research on threats impacting cloud services and prioritize implementation.
  • Research vulnerabilities, produce proof-of-concept exploits, and emulate adversary TTPs.
  • Review red team activities and improve detection rules.
  • Support forensic analysis and threat emulation to improve alert triage.
  • Identify gaps in SOC processes and demonstrate improvements through exercises.
  • Perform threat hunting, automation, and analytic enrichment tasks.
  • Set vision and milestones for detection capabilities and influence team requirements.
  • Adjust alert thresholds and suppressions based on signal-to-noise assessments.
  • Define threat hunting initiatives based on real-world risks.
  • Architect detection programs to reduce dwell time and optimize resources.
  • Oversee operational practices and quality reviews.
  • Lead team exercises and influence operational strategies.
  • Devise technical interview questions and evaluate candidates.
Experience:
  • Experience in security testing practices and techniques.
  • Knowledge of Azure, AWS preferred.
  • Knowledge of Windows Active Directory and fundamentals.
  • Networking fundamentals.
  • Experience with CI/CD and source control.
  • Experience in malware and anomaly detection development.
  • Use of statistical methods for anomaly detection.
  • Proficiency with Microsoft Sentinel/XDR and writing complex KQL analytics.
  • Strong knowledge of current security threats.
  • Ability to prioritize threats and assess detection effectiveness.
  • Threat hunting or SOC analyst certifications.

We embrace hybrid working, allowing flexible locations and schedules. Diversity and inclusion are core to our culture, fostering a collaborative environment where varied perspectives thrive.
