Incident Response Specialist
Frimley, Surrey County, GU16, England, UK
Listed on 2025-12-30
IT/Tech
Cybersecurity
BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts who work collaboratively across 10 countries to collect, connect and understand complex data. Our team investigates some of the most complex nation‑state threat actors and intrusions on a daily basis.
Location: Primarily home‑based with international travel (approximately one week every two months and occasional office visits in Frimley, Guildford, Manchester, Gloucester and London).
Grade: GG10
Referral Bonus: £5,000
- Lead the investigation of cyber‑attacks against customers as part of the global Incident Response team.
- Develop tradecraft in investigating complex attacks and mentor new joiners.
- Conduct forensic analysis of Windows, Linux and macOS systems.
- Analyze log files such as firewall, proxy and DNS logs.
- Assess tools, techniques and procedures of different actors ranging from hacktivist and criminal to state‑sponsored groups.
- Strong subject matter expertise in investigating and responding to cyber intrusions.
- Two or more years of experience investigating complex network intrusions (state‑sponsored groups or targeted ransomware attacks).
- Experience using forensic tools such as EnCase, Velociraptor, Timesketch and Cellebrite UFED.
- Awareness of EDR tools such as CrowdStrike, SentinelOne, Microsoft Defender for Endpoint or Tanium.
- Self‑starter with the ability to identify problems early and develop solutions using own initiative.
- Ability to communicate complicated technical challenges in business language for stakeholders ranging from IT teams to C‑level executives.
- Ability to write Incident Response reports concisely and proficiently, and to use graphics to illustrate scenarios or datasets.
- Willingness to travel for international engagements.
- Knowledge of or willingness to learn scripting/programming languages such as Python, PowerShell and C#.
- Familiarity with the threat landscape and knowledge of threat actors and campaigns.
- Certifications such as CREST (CCIM, CCHIA, CCNIA, or CCMRE) or GIAC (GEIR, GCFE, GCFA, GNFA, or GREM) are an advantage.
This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity of thought, rewards integrity and merit, and where you’ll be empowered to fulfil your potential. We welcome people from all backgrounds and aim to make our recruitment process as inclusive as possible.
Many roles at BAE Systems are subject to security and export control restrictions, meaning nationality, prior nationalities and place of birth can affect eligibility. All applicants must achieve at least the Baseline Personnel Security Standard. Some roles require higher levels of National Security Vetting, typically requiring 5‑10 years of continuous residency in the UK.
Life at BAE Systems Digital Intelligence
We are embracing Hybrid Working: you may work from home, another BAE Systems office or a client site, some or all of the time. This flexibility helps balance work and personal life, enhancing well‑being. Diversity and inclusion remain integral to our success.
Seniority Level: Mid‑Senior level