SOC Analyst

at  BAE Systems

LOCATION(S): UK, EUROPE & AFRICA : UK : LEEDS

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

REQUIREMENTS

Technical

• Basic Python and/or scripting skills, Windows, OS X, and Linux
• Experience using Splunk and Sentinal
• Working with a range of security tooling/technology
• Strong understanding of security architecture, in particular networking
• Detailed understanding of threat intelligence and threat actors, TTPs and operationalising threat intelligence.
• Experience in investigating complex network intrusions (by state-sponsored groups or targeted ransomware attacks).
• Understand TCP/IP component layers to identify normal and abnormal traffic
• Understanding of AWS &/or Azure cloud services
• Experience of Splunk (with ES) &/or Sentinel, content development experience desirable

Non-technical

• Client side consulting, including stakeholder engagement and the ability to communicate insights and concepts to others (including briefing skills and report writing)
• Security process development
• Able to understand and adapt to different cultures and hierarchical structures.
• Self-starter and capable of independent working

• Monitor, triage, analyse and investigate alerts, log data and network traffic using the Protective Monitoring platform and Internet resources to identify cyber-attacks / security incidents.
• Categorise all suspected incidents in line with the Security Incident policy
• Recognise potential, successful and unsuccessful intrusion attempts and compromises through reviews and further analysis of relevant event detail and incident summary information.
• Write up high quality security incident tickets using a combination of existing knowledge resources and independent research.
• Assist with remediation activities (or support customer stakeholders) to inhibit cyber-attacks, clean up IT systems and secure networks against repeat attacks.
• Produce security incident review reports to present information about the security incident and provide security improvement recommendations based on the security incident review.
• Understand Threat Intelligence and its use in an operational environment
• Support incident response to national scale incidents in a coaching capacity
• Work with other teams within BAE to improve services on the basis of customer needs.