Threat Hunter - National Security - Leeds

BAE

Gloucester

Hybrid

GBP 45,000 - 70,000

Full time

4 days ago
Job summary

A leading company in digital intelligence seeks a Threat Hunter to join their team. You will be responsible for intrusion analysis, incident response, and developing complex detection analytics. This role emphasizes collaboration with external teams and continuous improvement of security processes. Ideal candidates will have significant experience in security testing and threat hunting, along with strong analytical skills.

Qualifications

  • Experience in security testing practices and techniques.
  • Knowledge of Azure and AWS is desirable.
  • Knowledge of Windows Active Directory and networking fundamentals.

Responsibilities

  • Serve as point of escalation for intrusion analysis and incident response.
  • Mentor team members and enhance SOC processes.
  • Conduct technical interviews and evaluate candidates.

Skills

Intrusion Analysis
Forensics
Incident Response
Threat Hunting
Analytical Skills

Education

Threat Hunting or SOC Analyst Certifications

Tools

Microsoft Sentinel
KQL
Azure
AWS

Job description

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, enabling governments, armed forces, and businesses to unlock digital advantages in demanding environments.

Job Title: Threat Hunter

Location: Leeds - Flexible and hybrid working arrangements available. Please discuss options with your recruiter.

Grade: GG10 - GG11

Job Description:
  • Serve as the point of escalation for intrusion analysis, forensics, and incident response queries.
  • Provide root cause analysis for complex, non-standard findings and anomaly detections.
  • Mentor team members and share knowledge via the SOC Knowledge Repository.
  • Build relationships with external SOCs and cybersecurity researchers to identify useful analytics and threat intelligence.
  • Develop complex KQL analytics and playbooks for detection in M365, Linux, and Windows environments.
  • Review open-source research on threats impacting cloud services and prioritize implementation.
  • Research vulnerabilities, produce proof-of-concept exploits, and emulate adversary TTPs for training and detection testing.
  • Review red team and pentest findings to improve detection rules.
  • Support forensic investigations and threat emulation to improve alert accuracy.
  • Identify gaps in SOC processes and demonstrate improvements through scenarios and exercises.
  • Perform complex threat hunting, automation, and analytic enrichment tasks.
  • Set vision and milestones for detection capabilities, influencing team efforts.
  • Adjust alert thresholds and suppressions based on signal-to-noise assessment and team risk appetite.
  • Define threat hunting initiatives based on real-world risks.
  • Architect detection programs to identify unusual behaviors and reduce dwell time.
  • Oversee operational practices to enhance quality and effectiveness.
  • Lead team exercises and influence requirements for engineering and analysis teams.
  • Conduct technical interviews and evaluate candidates.
Experience:
  • Experience in security testing practices and techniques.
  • Knowledge of Azure and AWS is desirable.
  • Familiarity with Windows Active Directory, Windows OS fundamentals, and networking fundamentals.
  • Experience with CI/CD, source control, and writing malware and anomaly detections.
  • Use of statistical methods for anomaly detection.
  • Practical expertise in Microsoft Sentinel/XDR and complex KQL analytics.
  • Strong knowledge of current security threats and threat prioritization skills.
  • Threat hunting or SOC analyst certifications preferred.

We support hybrid working, enabling flexible work locations and schedules to promote work-life balance and well-being.

Diversity and inclusion are core to our culture. We value employees from diverse backgrounds and perspectives, working together to achieve excellence.
