LOCATION(S): UK, EUROPE & AFRICA : UK : LEEDS
BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.
-
JOB DESCRIPTION
Conducting Cyber Security Monitoring to detect hacking/malware intrusion attempts against customer IT.
- Full triage of detection alarms to accurately identify the cause of the alarm, be it active infection, attempted intrusion or a clear reason for false positive.
- Conduct full “Identification” of any detected attacks (successful or failed) to understand and document the source of the attack, the Techniques, Tactics and Procedures(TTPs) used in the attack from start to finish and the extent (breadth and depth) of the attack.
- Capturing/documenting full attack chain details of detected attacks (successful and failed) and feeding them back into detection capability.
- Responsible for ensuring monitoring effectiveness and efficiency via the creation and updating of SIEM/SOAR playbooks, in line with changing attacker techniques tactics and procedures (TTP’s)
- Use Intrusion Analysis skills and experience to provide input to new detection techniques and research new detection capabilities produced by Industry. Eg documenting requirements for new capabilities/techniques and associated dependencies for consideration by the Intrusion Analysis Lead for prioritisation.
- Ad-hoc communications with government or commercial security operations centres as part of root-cause analysis
- Creation of low-medium complexity KQL analytics and hunt queries, conducting IOC and anomaly-based threat hunts, including root cause identification of findings
- Identification and tagging of incorrect alert logic/high false positive detection rules for the attention of senior analysts.
- Consume Threat Intelligence from internal and partner tools and transform into actionable hunting and detections.
- Coaching of junior analysts and colleagues when required
- Lead Threat Hunting workgroups during Hunting Events for specific complex TTPs, across multiple industries and departments.
- Deliver ad-hoc training/workshops intra-org which encourage User Awareness of security risk, and uplift other team members with new knowledge.
Provide daily SITREPs to local teams regarding attacker activity
Expereince:
- Knowledge of Intrusion Analysis on Windows end user devices and servers.
- Knowledge of Intrusion Analysis on Azure, including attacker methods of ‘living off the cloud’ such as use of Microsoft Graph API, app registrations and managed identities
- Ability to quickly research and learn about new tools and techniques
- Good working knowledge of MITRE ATT&CK Framework
Good working knowledge of networking concepts & protocols (TCP/IP, UDP, DNS, DHCP, HTTP, etc.)
- Intrusion Analysis on Windows Devices and Azure Cloud Architecture.
- Relevant SANS or similar incident response/forensics or host and analysis certifications
- Understanding of Operating System functionality and operations
- Develop hypothesis and perform threat hunting in, Azure cloud or Windows Device data
Desirable Qualifications:
- Degree-level education in Cyber Security or related area
- CompTIA Network+ / Security+
- CREST – Intrusion Analyst, Cyber Threat Intelligence
- Azure – AZ900, SC200, SC900
- AWS Cloud Essentials
SANS GCIH, GCIA or similar
Linked-in
Google