Threat Intelligence Specialist

Location(s): UK, Europe & Africa: UK: Frimley || UK, Europe & Africa: UK: London || UK, Europe & Africa: UK: Manchester

Job Title: Threat Intelligence Specialist

Location: Hybrid – This role can be based from our Frimley, London or Manchester offices and we would expect a minimum of 1 day a week in the office. We offer a range of hybrid and flexible working arrangements – please speak to your recruiter about the options for this particular role.

• Investigating cyber intrusions and threat activity in the Middle East region as part of our global Threat Intelligence team.
• Discover, analyse, document, and track advanced threat actor campaigns.
• Conduct research on threat actors (from hacktivist to criminal to state), and their tools, techniques, and procedures (TTPs) using commercial and open sources.
• Produce finished intelligence reports related to state and criminal threats, with insights into attacker techniques and identified campaigns, including actionable mitigation and detection guidance.
• Work in a collaborative environment with other technical specialists, intelligence analysts, and customer facing consultants.
• Support intelligence analysts with malware analysis and incident responders with technical expertise.

• Experience tracking actors or campaigns and their associated tactics, techniques, and tools.
• Strong understanding of the cyber threat landscape and ability to communicate relevant insights to customers.
• Self‑starter with ability to identify problems early and develop solutions using own initiative.
• Technical skills with an interest in one or more of the following: open source intelligence investigations, digital forensics, infrastructure analysis, threat hunting, or malware reverse engineering.
• Understanding of networking fundamentals such as HTTP, TCP/IP, DNS and other core protocols.
• Experience writing Python scripts.
• Ability to document and explain technical details clearly and concisely in writing and graphics for technical and non‑technical audiences.

• Experience querying commercial and open sources, such as Shodan, Censys, etc.
• Familiarity with malware sandboxing and using the output to pivot and find additional activity.
• Experience in threat hunting and creating file/network traffic signatures using Yara and Snort.
• Experience with cloud environments, including AWS and Azure.
• Experience writing Python scripts.

BAE Systems Digital Intelligence offers world‑class threat intelligence services to customers across the globe. Our team investigates some of the most complex nation‑state threat actors and intrusions on a daily basis. We currently have a vacancy for an experienced Threat Intelligence Specialist focussed on threats to the Middle East region in our team.

We are looking for a candidate with a strong understanding of the cyber threat landscape and a passion for technical analysis who is excited to become part of a growing team.

As well as a competitive pension scheme, BAE also offers employee share plans, an extensive range of flexible discounted health, wellbeing & lifestyle benefits, including a green car scheme, private health plans and shopping discounts – you may also be eligible for an annual incentive.

This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must, as a minimum, achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks.