Senior SOC Analyst and Penetration Tester

Job Description
BAE Systems is expanding our cybersecurity team to build and sustain a mission-focused solution for a restricted Intelligence Community customer. As our Senior SOC Analyst and Penetration Tester, you'll play a pivotal role in shaping this new capability. You'll anticipate threats, think like a determined and well-equipped adversary, and deliver expert mitigation strategies to ensure the system's continued security and resilience. If you're driven, have something to prove, and thrive in high-stakes environments, we want you to help us outsmart emerging threats and harden our defenses. The ideal candidate will have hands-on experience in penetration testing and a strong grasp of both cloud and traditional network security. This position reports directly to the Program Manager and works closely with junior analysts to help grow their skills.
Key Responsibilities:

• Perform offensive penetration testing on a variety of systems, including cloud environments (primarily AWS, but also Azure, Google, Oracle) and traditional network/system security (Cisco networking, Windows, RHEL, etc.).
• Identify and exploit potential vulnerabilities across systems and infrastructure, using both overt and covert methods.
• Provide clear, actionable recommendations for mitigating identified risks.
• Communicate complex technical findings to senior management, translating risks and mitigation strategies into terms that are easily understood and provide a compelling case for the necessary investment to mitigate the identified threats.
• Coach junior SOC analysts and provide guidance on security response and mitigation techniques for real-world or simulated attacks.
• Proactively research and maintain situational awareness of the most common and emerging threat sets relevant to DoD and IC customers and discern which threats pose the greatest risk to our platform based on a deep understanding of customer mission use cases.
• Collaborate closely with the customer's cybersecurity team to develop and deliver briefings that outline emerging threats, their potential impact, and recommended mitigation strategies.
• Design, implement, and manage security monitoring and detection tools, such as SIEM systems, to ensure comprehensive visibility into security events and threats.
• Develop, implement, and maintain incident response plans, procedures, and playbooks to ensure effective and efficient response to security incidents.
• Analyze and correlate security event data from various sources, including logs, network traffic, and threat intelligence feeds, to identify potential security threats and incidents.
• Manage and prioritize multiple projects and tasks simultaneously, including penetration testing engagements and SOC operations, to meet organizational objectives.

XYZ
Required Education, Experience, & Skills
Qualifications:

• 10+ years of total experience in cybersecurity, with at least 5 years directly focused on penetration testing.
• Experience with DoD environments is required, with IC-specific experience highly desired.
• Strong experience in both cloud security (AWS, Azure, Google, Oracle) and traditional network/system security (Cisco networking, Windows, RHEL).
• Proven ability to explain complex technical risks to non-technical management in a clear and concise manner.
• Ability to think like a nation-state threat actor and proactively test and exploit vulnerabilities in the system.
• Ability to coach and mentor junior staff, particularly in the context of real-world threat simulation.

Required Certifications:

• OSCP (Offensive Security Certified Professional)
• GIAC Penetration Tester (GPEN)

Preferred Education, Experience, & Skills
Desired Certifications:

• OSCE (Offensive Security Certified Expert)
• Certified Red Team Professional (CRTP)

Pay Information
Full-Time Salary Range: $130355 - $221603
Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience.
Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20+ hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics.
About BAE Systems Intelligence & Security
BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts - defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team-making a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference.
Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do-from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels.
This position will be posted for at least 5 calendar days. The posting will remain active until the position is filled, or a qualified pool of candidates is identified.