Cyber Incident Response Lead

BAE Systems.
10 Jan 2019
13 Mar 2019
The Applied Intelligence division of BAE Systems delivers solutions which protect and enhance the connected world. Everything we do creates a safer future.
We want to solve problems for our customers and by bringing together great minds, we can work together to make the world a safer place.
BAE Systems Applied Intelligence offers world class threat intelligence, incident response and penetration testing services. The Incident Response team are certified by the NCSC and the CPNI as a quality-assured cyber incident response provider for investigating a wide range of cyber attacks including espionage, targeted attacks, and financial fraud.

This role requires you to work as technical lead alongside a team of technical experts across several areas, providing SME support on a range of complex problems and client engagements. This will include cross-team working with other teams within our business, and with client teams and stakeholders, including senior execs.

We are looking for a strong investigator who can lead and investigate complex incidents; experience of running and managing multiple incidents is therefore essential.
In addition, the ability to act as technical lead across the immediate team and other senior and lead investigators, and into the wider business, is key to this role.
You should expect to manage a number of Analysts performing a range of tasks, from digital forensics to analysis of network data logs, and will likely perform a range of technical work alongside them as well as managing the bigger picture of the incident and leading the investigation.
You will also engage with the client. As part of our highly skilled technical services team, and as a technical lead, you will also support other work, ranging from supporting security reviews of bespoke control systems to research into attack methods.

What you will be doing

  • Technical Lead within our Cyber Incident Response team
  • Technical oversight and support to the cyber incident response team, and wider cyber team.
  • Deliver high quality work to meet client expectations and project deadlines
  • Perform technical analysis tasks such as forensics, analysis of network logs, malware etc.
  • Manage team members and lead incident investigations
  • Attend client site for engagements where required (often managing the incident on their side)
  • Research and analysis of techniques and threat intelligence
  • Support bids and proposals for the technical services area, and support general business development
  • Understand where off the shelf tools are appropriate and identify opportunities for novel solutions
  • Have a keen interest in security and thrive on complex challenges

What we are looking for


  • Direct experience in one or more of the following domains (and their associated tools) preferably with a recognised qualification (such as GIAC, MCP, CREST CCIM, HIA or NIA)
    • Host forensics / intrusion analysis
    • Network intrusion analysis
    • Reverse Engineering
    • Malware analysis
    • Operating System internals and security (Windows experience is essential; other operating systems are desirable).
  • Experience leading investigations and managing incident analysts
  • Knowledge of malware behaviour and techniques employed by attackers to evade existing security controls
  • Self-motivated, and motivates others, keeping morale and performance high


  • Experience in penetration testing, threat intelligence and detection of incidents / network monitoring
  • Knowledge of security applications or processes in one or more of the following platforms
    • Desktop operating systems (both Linux and Windows based)
    • SCADA and Industrial Control
    • Embedded systems
  • Consultancy experience
  • Existing Developed Vetting clearance
  • Excellent relationship building skills with stakeholders, vendors and suppliers.
  • Understanding of existing and emerging technologies
  • People management skills.
  • Experience of CESG/NCSC Cyber Incident Response scheme teams (as a member or leader)
Security Clearance is required for this vacancy. If you are not currently Security Cleared, you will need to be eligible for this and willing to go through the process.
About BAE Systems Applied Intelligence:
We help nations, governments and businesses around the world defend themselves against cyber crime, reduce their risk in the connected world, comply with regulation, and transform their operations.  We do this using our unique set of solutions, systems, experience and processes.
Our success is down to our people. The changing nature of our business means that we're constantly looking for the brightest talent to help us fulfil our ambitions. As an experienced professional, we'll entrust you with responsibility; this means that you'll have client contact, variety and support from day one.
We'll encourage and support you to develop your skills and reward you as you grow. Whatever your area of expertise, you'll be much more than just a job title; you'll be an integral part of the business where your individual contribution makes a difference every day. Great minds deserve great rewards, so we also offer a very competitive salary and benefits package.
Diversity and Inclusion:
As a company committed to inclusion, we welcome applicants from all backgrounds and on a full or part-time basis. Diverse perspectives and innovative thinking are fundamental to our continued success. As an international organisation we strongly support flexible working conditions to accommodate working in different time zones, cultures, patterns and client-facing environments. We encourage all our staff to think about how they and their teams can work flexibly to get the best balance and results for our organisation and every individual.
Division Overview: International Services and Solutions (IS&S)
International Services and Solutions (IS&S) exists to satisfy the Applied Intelligence strategy to grow in the international large-scale security market by leveraging government relationships and differentiated propositions. Our mission is to support those who defend nations, organisations and citizens from physical and cyber threats. As well as our traditional deep expertise in communications intelligence for governments and telecommunications companies, we help our customers collect, store, analyse, and extract intelligence from open source information and to fuse multiple data sources into insightful intelligence.
We also help our clients monitor cyber activity to identify new threats and threat actors within the cyber domain, locally and nationally, and build secure communications infrastructure. We are the home for advanced electronic capability within Applied Intelligence and solve our clients' requirements with a mix of advanced software and hardware solutions combined with associated services offerings.
The IS&S structure includes five regions and our Core Capability teams. They are supported by a number of functions, including Business Development and Sales, Engineering, Operations and Delivery, Finance, HR, Commercial and Legal.

Help us secure a connected world by being an unseen hero. Apply now and be inspired.
