Threat Hunter – National Security – Leeds

BAE Systems

Leeds

Hybrid

GBP 50,000 - 80,000

Full time

19 days ago

Job summary

BAE Systems Digital Intelligence is seeking a Threat Hunter to enhance security measures across hybrid environments. In this pivotal role, you'll drive sophisticated intrusion analysis and mentor junior team members while engaging with external SOCs. Join us to contribute to cutting-edge cybersecurity efforts while benefiting from a supportive work environment that values diversity and innovation.

Qualifications

  • Proven background in security testing and threat detection.
  • Experience with KQL analytics and Azure.
  • Understanding of Windows OS fundamentals and Active Directory.

Responsibilities

  • Lead operational strategies and complex threat hunting tasks.
  • Provide forensic support and define threat hunting initiatives.
  • Mentor team members while contributing to the SOC Knowledge Repository.

Skills

Security testing practices
Azure knowledge
Networking fundamentals
KQL analytics
Threat prioritization

Education

Threat hunting or SOC analyst certifications

Tools

Microsoft Sentinel
AWS knowledge

Job description

Location(s): UK, Europe & Africa: UK: Gloucester

BAE Systems Digital Intelligence is home to 4,500 digital, cyber, and intelligence experts. We work across 10 countries to collect, connect, and analyze complex data, enabling governments, armed forces, and businesses to achieve digital advantages in demanding environments.

Job Title: Threat Hunter

Requisition ID: 121789

Location: Leeds – hybrid and flexible working arrangements available. Please consult your recruiter for details.

Grade: GG10 – GG11

Referral Bonus: £5,000

Job Description
  • Serve as the point of escalation for intrusion analysis, forensics, and incident response queries. Provide root cause analysis for complex, non-standard findings and anomalies without existing playbooks.
  • Mentor team members and share knowledge proactively.
  • Contribute to the SOC Knowledge Repository by creating and updating documentation independently.
  • Build relationships externally with other SOCs and cybersecurity researchers to identify analytics, threat intelligence, and tradecraft that benefit the Blue Team. Communicate funding and prioritization suggestions and lead implementation when needed.
  • Develop complex, anomaly-based KQL analytics and playbooks for detection in M365, Linux, and Windows environments.
  • Review open-source research on threats affecting cloud services and VMs, prioritizing and implementing relevant findings.
  • Research vulnerabilities, produce proof-of-concept exploits, and emulate adversary TTPs for training and detection evaluation.
  • Review red team and pentest findings to improve detection rules.
  • Provide forensic support and threat emulation to improve alert triage and accuracy.
  • Identify gaps in SOC processes, data collection, and analysis, demonstrating the need for improvements through scenarios and red teaming.
  • Perform complex threat hunting, automation, and analytic enrichment tasks.
  • Set vision and milestones for emulation and detection capabilities, influencing other teams.
  • Adjust alert thresholds and suppressions based on risk assessments.
  • Define threat hunting initiatives based on real-world risks.
  • Architect detection programs to identify unusual behaviors, reduce dwell time, and optimize resource use.
  • Oversee practices that enhance daily operations, including quality reviews.
  • Lead operational strategy and team exercises, collaborating across functions.
  • Contribute to team requirements, including engineering and continuous improvement.
  • Design and conduct technical interviews, evaluating candidate responses.

Experience
  • Proven experience in security testing practices and techniques.
  • Knowledge of Azure, with AWS knowledge preferred.
  • Understanding of Windows Active Directory and Windows OS fundamentals.
  • Networking fundamentals experience.
  • Experience with CI/CD and source control systems.
  • Experience developing detections for malware and anomalous behaviour.
  • Use of statistical methods for anomaly detection.
  • Proficiency with Microsoft Sentinel and/or XDR.
  • Strong skills in writing complex KQL analytics/searches.
  • Awareness of current security threats.
  • Ability to prioritize threats effectively.
  • Understanding factors affecting detection effectiveness.
  • Threat hunting or SOC analyst certifications preferred.

Life at BAE Systems Digital Intelligence

We support hybrid working, enabling flexible work arrangements from home, offices, or client sites, promoting work-life balance and well-being.

Diversity and inclusion are core to our culture. We value diverse perspectives and backgrounds, fostering an environment of excellence and innovation.

