SOC Analyst

Location(s): UK, Europe & Africa : UK : London 

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.
 

Job Title: SOC Analyst

Location: London - We offer a range of hybrid and flexible working arrangements – please speak to your recruiter about the options for this particular role

Grade: GG10

Referral Bonus: 5000

What You’ll Be Doing

BAE Systems have been contracted to provide Security Operations services to support the cyber defence of a number of UK CNI organisations. BAE Systems provides these services through either the stand up and delivery of a dedicated security operations centre to the that organisation, or through the integration of our own staff, team and expertise into the organisations existing Security Operations capabilities and teams.

The networks we protect may be a combination of on-premises and/or Azure and AWS cloud hosted platforms, in some cases with many hundred systems within these environments that must be protected.  In addition there may be scope for the monitoring non-enterprise IT environments, such as safety critical operational technology systems.

The SOCs may be staffed by a blend of customer and BAE Systems staff, based in multiple locations, but day to day operations will be mixed between delivery from our offices, with working from customer site locations within the UK. Whilst there may be the opportunity for hybrid working for this role – typically up to 2-3 days per week from home, some face-to-face on site working is essential to this role.

The SOC Analyst roles are ‘hands-on’ shift-based roles, working as part of a 24/7 operation with four shift teams working in a standard rotation.

They are responsible for utilising the SOC’s Security Incident and Event Management (SIEM) toolsets to detect and investigate potential Security and Service Incidents occurring within the monitored networks.

Responsibilities

• Senior Security Operations Analyst role, which includes
• Responsibilities may include some or all of:
  • Monitor, triage, analyse and investigate alerts, log data and network traffic using the customer and/or BAE Protective Monitoring platforms and wider resources to identify cyber-attacks / security incidents.
  • Depending on operational model  - ensure that the shift handover briefs is prepared and delivered to the incoming shift or on-call staff.
• Categorisation and escalation all suspected incidents in line with the Security Incident policy.
• Recognise potential, successful and unsuccessful intrusion attempts and compromises through reviews and further analysis of relevant event detail and incident summary information.
• Write up or update high quality security incident tickets using a combination of existing knowledge resources and independent research.
• Assist with remediation activities and conduct permitted remediation (or support customer stakeholders) to inhibit cyber-attacks, clean up IT systems and secure networks against repeat attacks.
• Produce or support production of security incident review reports to present information about the security incident and provide security improvement recommendations based on the security incident review.
• Support SIEM alert enrichment, case management and process optimisation and refinement.
• Support production and refinement of playbooks for use by SOC operations.
• Conduct/be part of threat-led exercises to support testing or response capability and education of wide organisational team
• Understand Threat Intelligence and its use in an operational environment
• Support and coach junior SOC analysts
• Act as an escalation point for junior analysts.

 Requirements

 Technical

• Understanding of Basic Python and/or scripting skills, Windows, OS X, and Linux
• Experience using Splunk & Splunk Enterprise Security and Sentinel, good demonstratable knowledge of SIEM query languages (SPL and KQL) and Dashboarding.
• Splunk Configuration [CIM Mapping],  Splunk Administration/Web Administration
  • Streamlining of queries
  • Understanding of props and transforms
  • Understanding of Log Sources and Data Ingestion.
  • CIM Mapping and Splunk Tuning for optimal queries
  • API Experience for logging and monitoring
• Working with a range of security tooling/technology
• Understanding of threat intelligence and threat actors, TTPs and operationalising threat intelligence. Experience of context into against UK CNI desirable.
• Experience with Identity Management systems (Entra/AAD) and MFA technologies
• Experience in investigating complex network intrusions (by state-sponsored groups or targeted ransomware attacks).
• Understand TCP/IP component layers to identify normal and abnormal traffic
• Experience with WAF/Firewalls
• Understanding of on-premise, cloud and hybrid networking (physical and virtual appliances)
• Certifications in Azure Security & Splunk including but not limited to Power user, Administration.
• Understanding of AWS &/or Azure cloud services
• Experience of Splunk (with ES) &/or Sentinel, content development experience desirable

 Non-technical

• Client side consulting, including stakeholder engagement and the ability to communicate insights and concepts to others (including briefing skills and report writing)
• Coaching mindset – Mentor junior analysts
• Security process development
• Able to understand and adapt to different cultures and hierarchical structures.
• Self-starter and capable of independent working
• Team player and adept at working in multi-disciplinary and diverse teams
• Ability to work on-site and remote, both business hours and on-call out of hours rota if needed

Benefits 

As well as a competitive pension scheme, BAE Systems also offer employee share plan, an extensive range of flexible discounted health, wellbeing and lifestyle benefits including including a green care scheme, private health plans and shopping discounts – you may also be eligible for an annual incentive.

Why BAE Systems?

This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture which values diversity, rewards integrity and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently under-represented within our industry including women, ethnic minorities, people with disabilities and LGBTQ+ individuals

We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions such as your nationality, any nationalities which you previously may have held and your place of birth can restrict the roles you are able to perform within the organisation.

All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years

Life at BAE Systems Digital Intelligence 

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day.

By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.

Division overview: Government

At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Government contracts are an area we have many decades of experience in. Government and key infrastructure networks are critical targets to defend as the effects of these networks being breached can be devastating.

As a member of the Government business unit, you will defend the connected world and ensure the protection of nations. We all have a role to play in defending our clients, and this is yours.