Negotiable
Undetermined
Hybrid
Leeds, England, United Kingdom
Summary: The Junior SOC Analyst role at BAE Systems Digital Intelligence involves monitoring and investigating security incidents within a dedicated Security Operations Centre (SOC) that supports a major UK Critical National Infrastructure (CNI) organization. The position requires existing security clearances and entails working in a hands-on, shift-based environment as part of a 24/7 operation. Analysts will utilize SIEM and SOAR tools to detect potential security threats and contribute to incident response and remediation efforts. The role emphasizes collaboration and continuous improvement in security practices to protect critical systems hosted in cloud environments.
Key Responsibilities:
- Monitor, triage, analyse and investigate alerts, log data and network traffic to identify cyber-attacks/security incidents.
- Categorise all suspected incidents in line with the Security Incident policy.
- Recognise potential, successful and unsuccessful intrusion attempts and compromises through analysis of event details.
- Write high-quality security incident tickets using knowledge resources and independent research.
- Assist with remediation activities to inhibit cyber-attacks and secure networks.
- Produce security incident review reports with recommendations for security improvements.
- Understand and operationalise Threat Intelligence in an operational environment.
- Support incident response to national scale incidents in a coaching capacity.
- Collaborate with other teams to improve services based on customer needs.
Key Skills:
- Basic Python and/or scripting skills.
- Experience with Windows, OS X, and Linux.
- Experience using Splunk and Sentinel.
- Strong understanding of security architecture and networking.
- Detailed understanding of threat intelligence and threat actors.
- Experience in investigating complex network intrusions.
- Understanding of TCP/IP component layers.
- Knowledge of AWS and/or Azure cloud services.
- Client-side consulting and stakeholder engagement skills.
- Security process development experience.
- Self-starter with the ability to work independently.
- Desirable: Software engineering experience and penetration testing skills.
Salary (Rate): undetermined
City: Leeds
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Location(s): UK, Europe & Africa : UK : Leeds
BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.
Job Title: Junior SOC Analyst
Requisition ID: 121686
Location: Leeds
Grade: GG07 - GG08
BAE Systems have been contracted to undertake the day-to-day operation of (and incremental improvement of) a dedicated Security Operations Centre (SOC) to support the defence of a major UK CNI organisation. The networks protected are predominantly hosted in Azure and AWS cloud platforms, with many hundreds of systems within these environments that must be protected. The customer is committed to developing this improved SOC into a benchmark of best practice and excellence, reflecting the significant threat that the protected systems are subject to. The SOC will be staffed by a blend of customer and BAE Systems staff, based in multiple locations, but with the day-to-day operations based from our Leeds office (due to the need for customer network access available at this location).
The SOC Analyst roles are ‘hands-on’, shift-based roles, working as part of a 24/7 operation with four shift teams working in a standard rotation. They are responsible for utilising the SOC’s SIEM and SOAR toolsets to detect and investigate potential Security and Service Incidents occurring within the monitored networks. These roles require a minimum of SC clearance, and candidates must be prepared to undergo DV clearance. Due to timelines for the start of operations, it will not be possible to sponsor new clearances, so candidates must have existing clearances.
Responsibilities
- Monitor, triage, analyse and investigate alerts, log data and network traffic using the Protective Monitoring platform and Internet resources to identify cyber-attacks / security incidents.
- Categorise all suspected incidents in line with the Security Incident policy
- Recognise potential, successful and unsuccessful intrusion attempts and compromises through reviews and further analysis of relevant event detail and incident summary information.
- Write up high quality security incident tickets using a combination of existing knowledge resources and independent research.
- Assist with remediation activities (or support customer stakeholders) to inhibit cyber-attacks, clean up IT systems and secure networks against repeat attacks.
- Produce security incident review reports to present information about the security incident and provide security improvement recommendations based on the security incident review.
- Understand Threat Intelligence and its use in an operational environment
- Support incident response to national scale incidents in a coaching capacity
- Work with other teams within BAE to improve services on the basis of customer needs.
Requirements
Technical
- Basic Python and/or scripting skills, Windows, OS X, and Linux
- Experience using Splunk and Sentinel
- Working with a range of security tooling/technology
- Strong understanding of security architecture, in particular networking
- Detailed understanding of threat intelligence and threat actors, TTPs and operationalising threat intelligence.
- Experience in investigating complex network intrusions (by state-sponsored groups or targeted ransomware attacks).
- Understand TCP/IP component layers to identify normal and abnormal traffic
- Understanding of AWS and/or Azure cloud services
- Experience of Splunk (with ES) and/or Sentinel, content development experience desirable
Non-technical
- Client-side consulting, including stakeholder engagement and the ability to communicate insights and concepts to others (including briefing skills and report writing)
- Security process development
- Able to understand and adapt to different cultures and hierarchical structures.
- Self-starter and capable of independent working
Desirable
- Software engineering experience
- Penetration testing skills
Life at BAE Systems Digital Intelligence
We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.
Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.
Division overview: Government
At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Government contracts are an area we have many decades of experience in. Government and key infrastructure networks are critical targets to defend as the effects of these networks being breached can be devastating. As a member of the Government business unit, you will defend the connected world and ensure the protection of nations. We all have a role to play in defending our clients, and this is yours.