BAE Systems Digital Intelligence (formerly Detica) hires cleared cyber professionals for UK Gov, defence and intelligence customers. Expect heavy emphasis on clearance, mission and trade-craft.
Walk me through how you'd run an IR engagement inside a classified environment without internet-connected tooling.
Air-gapped toolkit (offline EDR triage, manual collection scripts, hash-based IOC matching), staged evidence transfer via approved cross-domain, manual upstream reporting, careful documentation for clearance audit trail.
How do you reason about an APT's likely next move?
Diamond Model: adversary capability + infrastructure + victim + TTPs. Cross-reference with MITRE ATT&CK + recent FVEY advisories. Build hypothesis, prioritise hunt queries, brief customer at SC level.
A junior analyst wants to share an indicator on public Twitter. How do you handle it?
Stop, redirect to MISP / approved sharing channel, brief on attribution / sources-and-methods risk, refresher training, log the event. Not a disciplinary unless repeated.
Why BAE over a Big-4 cyber practice?
Mission proximity, cleared work, deep adversary tradecraft, longer engagement lifecycles, ability to work on platforms not products.
Tell me about your most operationally significant incident.
STAR — pick something with measurable mission impact. Avoid anything you can't discuss in an unclassified setting.
You need to be eligible for SC (5 years UK residency) or DV (10 years). Active clearance is preferred but BAE will sponsor.
No — major sites in Guildford, Gloucester, London, Leeds. Some roles require on-site presence in secure facilities.
Lower base, but pension + benefits are strong and cleared roles command a premium in the market.
Premium members get the full round structure, signals, and AI-graded practice.