Incident Response Specialist

Location(s): UK, Europe & Africa : UK : Frimley
UK, Europe & Africa : UK : London
UK, Europe & Africa : UK : Manchester 

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

Job Title: Incident Response Specialist

Requisition ID:

Location: Mainly home based with International travel, approximately 1 week every 2 months and occasional travel to the offce - Frimley, Guildford, Manchester, Gloucester, London

Grade: GG10 

Referral Bonus: £5,000

BAE Systems Digital Intelligence offers world class Incident Response services to customers across the globe. Our team investigates some of the most complex nation state threat actors and intrusions on a daily basis. We have a vacancy for a Digital Forensics & Incident Response Specialist. The successful candidate would be expected to conduct forensic analysis of Windows, Linux and macOS systems, analyse log files such as firewall, proxy and DNS logs, lead incident response investigations, threat research and malware-based investigations. Members of the Incident Response team are encouraged to learn about other areas of the wider business (such as Threat Intelligence and Security Testing), and there will be opportunities to cross train and upskill if the successful applicant is interested.

We are looking for candidates with a strong technical background and deep understanding of the threat landscape that can be applied during emergency response and ongoing threat research.

Responsibilities:

• Lead the investigation of cyber-attacks against our customers as part of the global Incident Response team.

• Development of tradecraft in investigating complex attacks and mentoring of new joiners.

• Conduct forensic analysis of Windows, Linux and macOS systems.

• Perform analysis of log files such as firewall, proxy and DNS logs.

• Assessment of tools, techniques, and procedures of different actors ranging from hacktivist and criminal to state-sponsored groups.

Requirements:

• Strong subject matter expertise in investigating and responding to cyber intrusions.

• Two years or more experience in investigating complex network intrusions (by state-sponsored groups or targeted ransomware attacks).

• Experience using forensic tools such as EnCase, Velociraptor, Timesketch and Cellebrite UFED.

• Awareness of EDR tools such as Crowd Strike, SentinelOne, Microsoft Defender for Endpoint or Tanium.

• Self-starter with ability to identify problems early and develop solutions using own initiative.

• Ability to communicate complicated technical challenges in business language for a range of stakeholders, from IT teams to C-level executives.

• Ability to write Incident Response reports concisely and proficiently, as well as use graphics to illustrate scenarios or datasets.

• Willingness to travel for international engagements

Desirable skills:

• Knowledge of or willingness to learn scripting/programming languages such as Python, PowerShell and C#.

• Familiarity with the threat landscape and knowledge of threat actors and campaigns.

• Certifications such as CREST (CCIM, CCHIA, CCNIA, or CCMRE) or GIAC (GEIR, GCFE, GCFA, GNFA, or GREM) are an advantage.

Why BAE Systems?

This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks.

Life at BAE Systems Digital Intelligence 

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day.

By embracing technology, we can interact, collaborate and create together, even when we're working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.