An operational cyber researcher is able to plan and perform research into a wide range of systems and technologies with a focus on discovering and exploiting weaknesses in their design or implementation. The role provides technical guidance for customers as well as supporting bids and proposals. An operational cyber researcher has broad skills which generally involve, but are not limited to, the following activities:
- Exploratory Research.
- Vulnerability & Technical Research.
- Experimental Development.
Researchers undertaking exploratory research are expected to:
- Rapidly summarise and assess new domains.
- Provide domain knowledge for technical analysis, experimental development and subsequent engineering.
Researchers undertaking vulnerability & technical research are expected to:
- Know which pen-testing and reverse engineering tools and methodologies are appropriate to a given problem.
- Have experience of advanced vulnerability assessment techniques such as fuzzing and code injection.
Researchers undertaking experimental development are expected to:
- Develop, assess and prioritize prototype and simulated capabilities.
Mandatory Skills and Experience Required
A wide range of skills are required for Operational Research. The number one skill is being able to think systematically and take logical steps towards deconstructing a complex system. For lower-level work, an intermediate/advanced understanding of how computers work is important (eg knowing the difference between the heap and the stack, and between compiled and interpreted languages).
More required skills for this role include:
- Technical writing
- Presentation skills
- Innovative problem solving
- Team working
- Scripting (e.g. with Python)
- Rapid development of prototypes or simulations (e.g. with C#)
Other Desirable Skills and Experience
As well as the above, an Operational Cyber Researcher will need skills and experience in at least one of the areas below. An ideal candidate will cover several areas.
- Network traffic analysis
- Reverse engineering
- Vulnerability analysis
- Exploit development
- OSINT and interacting with SMEs
- Developing new research skills as appropriate
- Technical Leadership
- Team management
- Network architecture and security
- Risk assessment
- Systems engineering
- Architectural frameworks
- Processor architecture
- Operating systems and firmware
- Standard and domain-specific protocols and data formats
- Software development life cycle
- Assured development practices (at a high-level)
A wide range of tools exist, and the researcher should be able to determine which are most appropriate for a given task. Types of tools used include:
- Scripting languages (e.g. Python);
- Traffic capture and analysis tools (e.g. Wireshark);
- Disassemblers (e.g. IDA Pro);
- Debuggers (e.g. gdb);
- Decompilers (e.g. Hex-Rays Decompiler);
- Virtualization environments;
- Integrated development environments;
- Domain-specific simulation and development tools.
Security Clearance is required for this vacancy. If you are not currently Security Cleared, you will need to be eligible for this and willing to go through the process. For more guidance on National Security Vetting please click here.
Life at BAE Systems Applied Intelligence
We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance wellbeing.
Diversity and inclusion are integral to the success of BAE Systems Applied Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.
About BAE Systems Applied Intelligence
We use our intelligence-led insights to help defend Governments, Nations and Societies from cyber-attacks and financial crime. Our customers depend on our evolving capabilities to help them safely grow their organisations. Our unprecedented access to threat intelligence, world-leading analysts and market-leading technology means we can help them to adapt, evolve and stay ahead of the criminals.
Division overview: Government
At BAE Systems Applied Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Government contracts are an area we have many decades of experience in. Our Government business unit houses four of our critical client groups: UK National Security, Global National Security, defence and central government. Government and key infrastructure networks are critical targets to defend as the effects of these networks being breached can be devastating.
As a member of the Government business unit, you will defend the connected world and ensure the protection of nations. We all have a role to play in defending our clients, and this is yours.