Threat Intelligence Specialist
Role details
Job location
Tech stack
Job description
Location: Hybrid - This role can be based from our Frimley, London or Manchester offices and we would expect a minimum of 1 day a week in the office
We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role
What you'll be doing
Investigating cyber intrusions and threat activity in the Middle East region as part of our global Threat Intelligence team.
- Discover, analyse, document, and track advanced threat actor campaigns
- Conduct research on threat actors (from hacktivist to criminal to state), and their tools, techniques, and procedures (TTPs) using commercial and open sources.
- Produce finished intelligence reports related to state and criminal threats, with insights into attacker techniques and identified campaigns, including actionable mitigation and detection guidance.
- Work in a collaborative environment with other technical specialists, intelligence analysts, and customer facing consultants.
- Support intelligence analysts with malware analysis and incident responders with technical expertise.
Requirements
- Experience tracking actors or campaigns and their associated tactics, techniques, and tools.
- Strong understanding of the cyber threat landscape and ability to communicate relevant insights to customers.
- Self-starter with ability to identify problems early and develop solutions using own initiative.
- Technical skills with an interest in one or more of the following: open source intelligence investigations, digital forensics, infrastructure analysis, threat hunting, or malware reverse engineering.
- Understanding of networking fundamentals such as HTTP, TCP/IP, DNS and other core protocols.
- Experience writing Python scripts.
- Ability to document and explain technical details clearly and concisely in writing and graphics for technical and non-technical audiences.
Desirable skills:
- Experience querying commercial and open sources, such as Shodan, Censys, etc.
- Familiarity with malware sandboxing and using the output to pivot and find additional activity.
- Experience in threat hunting and creating file/network traffic signatures using Yara and Snort.
- Experience with cloud environments, including AWS and Azure.
- Experience writing Python scripts., We are looking for a candidate with a strong understanding of the cyber threat landscape and a passion for technical analysis who is excited to become part of a growing team.
Benefits & conditions
As well as a competitive pension scheme, BAE also offers employee share plans, an extensive range of flexible discounted health, wellbeing & lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive
Why BAE Systems?
This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.
