Threat Intelligence Technical Specialist

BAE Systems Digital Intelligence is home to 4,800 digital, cyber and intelligence experts. We work collaboratively across 16 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

• Responsibilities

Investigate cyber intrusions and threat activity as part of the global Threat Intelligence team.

Discover, analyse, document, and track advanced threat actor campaigns through malware reverse engineering.

Conduct research on threat actors (from hacktivist to criminal to state), and their tools, techniques, and procedures (TTPs) using commercial and open sources.

Produce finished intelligence reports related to state and criminal threats, with insights into attacker techniques and identified campaigns, and including actionable mitigation and detection guidance.

Develop tools to assist with automation of malware analysis tasks and tracking of threat actors.

Work in a collaborative environment with other technical specialists, intelligence analysts, and customer facing consultants.

Experience tracking actors or campaigns and their associated tactics, techniques, and tools.

Strong understanding of the cyber threat landscape and ability to communicate relevant insights to customers.

Self-starter with ability to identify problems early and come up with solutions using own initiative.

Technical skills with an interest in one or more of the following : open source intelligence investigations, digital forensics, infrastructure analysis, threat hunting, or malware reverse engineering.

Reverse engineering of scripts, including PowerShell, JavaScript, and VBScript.

Understanding of networking fundamentals such as HTTP, TCP / IP, DNS and other core protocols.

Experience writing Python scripts.

Ability to document and explain technical details clearly and concisely in writing and graphics for technical and non-technical audiences.

Experience querying commercial and open sources, such as Shodan, Censys, etc.

Familiarity with malware sandboxing and using the output to pivot and find additional activity.

Experience in threat hunting and creating file / network traffic signatures using Yara and Snort.

Experience with cloud environments, including AWS and Azure.

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day.

By embracing technology, we can interact, collaborate and create together, even when we're working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential.

At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Capabilities is the engine that keeps the business moving forward. It is the largest area of Digital Intelligence, containing our Engineering, Consulting and Project Management teams that design and implement the defence solutions and digital transformation projects that make us a globally recognised brand in both the public and private sector.

As a member of the Capabilities team, you will be creating and managing the solutions that earn us our place in an ever changing digital world. We all have a role to play in defending our clients, and this is yours.