Lead Content Detection Engineer – Leeds – National Security West
Location(s): UK, Europe & Africa : UK : Leeds
BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.
Job Title: Lead Content Detection Engineer
Requisition ID: 122532
Location: Leeds
Grade: GG10
Referral Bonus: £5,000
About the Role
BAE Systems is recruiting an experienced Detection Engineering Lead to join our Security Operations Centre (SOC) supporting a Critical National Infrastructure (CNI) client. This role combines technical and leadership responsibilities: setting the strategic direction of our Detection Engineering function, managing a small team of detection engineers, and ensuring the delivery of world-class security detection capabilities.
As the Detection Engineering Lead, you will take full ownership of the detection strategy, team development, and service delivery, working closely with senior stakeholders to meet contractual KPIs and drive continuous improvement across the function. This role reports directly to the Service Delivery Manager and also works closely with the threat intelligence lead and the SOC manager.
The Opportunity
In this role, you will define and maintain the overall detection strategy and roadmap for the Detection Engineering function, ensuring all initiatives and deliverables align to KPIs. You will be responsible for driving the direction of the engineering function, identifying opportunities for service improvements and efficiency enhancements through automation and tooling.
As a people manager, you will lead the Detection Engineering team's workload and professional development. This includes conducting regular meetings with your team to ensure they have the necessary support. You will foster a culture of continuous learning and technical excellence by sharing knowledge with junior members of your team.
Operational ownership is a critical aspect of this position. You will take responsibility for business-as-usual operations and service improvement initiatives. Your ability to balance strategic thinking with operational accountability will be essential to success in this role.
Stakeholder engagement is a key responsibility. You will communicate detection efficacy, Key Performance Indicators, and continuous service improvements to the Service Delivery Manager, executives, and wider customer teams. The role requires you to make key strategic decisions and advocate effectively for your team's requirements at senior levels.
Essential Skills and Experience
- Advanced proficiency in both Splunk and Microsoft Sentinel SIEM platforms
- Understanding and experience with AWS and Azure cloud environments
- An advanced understanding of KQL and SPL to write detections that are efficient and high-fidelity
- Strong Python programming skills for developing and maintaining existing automation and Detection as Code pipelines
- Experience monitoring networks and working with threat intelligence, ideally understanding the MITRE ATT&CK framework
- Strong understanding of security detection methodologies and best practices
- Experience creating and presenting strategic direction and managing workloads
- Excellent communication and stakeholder management skills
Preferred Skills and Experience
- Experience with Detection as Code methodologies
- Proficiency in React or JavaScript for tooling development
- Experience in people management and team leadership
Certifications
Whilst not essential, the following courses and certifications are desirable, and we encourage and support successful candidates to continue their professional development, which can include:
- SANS courses: SEC599, SEC530, SEC699, FOR608, SEC541
- GIAC certifications: GDAT, GCIH, GCDA, GMON, GSOC, GDSA, GCED
- Other certifications: CISSP, ISSEP, CCSP; Vendor specific certifications from Splunk, AWS, or Microsoft
What We're Looking For
The ideal candidate will be a strategic thinker with strong decision-making capabilities and a proactive approach to problem-solving and continuous improvement. A commitment to team development, knowledge sharing, and staying current with emerging threats and technologies is essential.
Life at BAE Systems Digital Intelligence
We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day.
By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.
Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.
Life at BAE Systems
Within a growing network of around 100,000 colleagues in more than 40 countries, our teams bring together people with diverse skills, ways of thinking and backgrounds - while our work spans the depths of the ocean to the far reaches of space.
Tackling complex problems. Building innovative solutions. This is a place where you can make real change happen, for your career and the world.
Inclusion
We want everyone here to feel valued and empowered to thrive. Who you are should never define what you can do. We believe when you bring together different people and perspectives it inspires creativity and drives innovation, helping us fulfil our purpose and is integral to our culture. Everyone is heard and respected here.
Learning and development
If you’re curious, hungry for more responsibility, and prepared to step out of your comfort zone, there are endless opportunities to grow with us. At every stage of your career our first-class training, coaching and development programmes, role models and mentors will help you embrace your potential and take the next step.
Rewards and benefits
Great work deserves benefits that go beyond your salary. Whether it’s health, wellbeing, or financial security for you and your family – our flexible benefits help you focus on what’s important to you.
Making an impact
Together we embrace every opportunity to have a positive impact. On the world around us, our communities, and each other.