hackajob is collaborating with BAE Critical Skills to connect them with exceptional professionals for this role.
Job Title: External Attack Surface Management Analyst
Job Location: Preston or Frimley - Hybrid-2 days a month onsite. We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role.
\Circa £45,000 depending on skills and experience
Join BAE Systems and you’ll be part of something bigger. As a valued member of our global colleague network, you’ll bring your unique skills and perspectives to help pioneer progress and protect what matters most. n Working within Cyber Operations, you will help safeguard BAE Systems against evolving cyber threats by supporting and enhancing the External Attack Surface Management (EASM) capability across people, process, and technology. You will contribute to an intelligence-led approach to cyber operations, ensuring external assets are identified, assessed, and continuously tested. The role supports detection assurance by identifying shadow IT and unmanaged exposures, providing confidence to leadership that security controls and monitoring capabilities are effective and aligned to organisational security standards.
\Proactively discover, track, and maintain visibility of external attack surface assets, including unknown and shadow IT exposures
Investigate and validate externally visible exposures, assessing real-world risk, attacker relevance, and exploitability
Monitor changes in external exposure, identifying new assets, regressions, and emerging risks across the estate
Collaborate with Threat Intelligence and Cyber Operations to align exposure findings with attacker activity and remediation priorities
Produce clear, actionable reporting on external exposures, trends, and security posture to support risk reduction and decision-making
\Good understanding of external reconnaissance techniques, OSINT, and how attackers identify and profile internet-facing assets
Proven experience in attack surface discovery, asset enumeration, and identifying unknown or shadow IT exposures
Good investigative mindset with the ability to analyse incomplete or ambiguous external data and determine genuine security risk
Experience working with internet-facing protocols and data sources (e.g. Not only do we protect BAE systems and its employees, indirectly we protect those who protect us – who serve in our military and rely on the products and services we create across Threat Intelligence, Detection, Incident Response and now Active Defence we work to evolve cyber operations as a world class capability.
\You’ll be recognised for your contribution and enjoy rewards tailored to what’s most important to you and your family - support for your financial and personal wellbeing, as well as a balanced lifestyle. n We’re committed to building an inclusive workplace where everyone feels valued and supported. We know that a diversity of backgrounds, perspectives and experiences strengthens our teams and is vital to the work we do.
#LI-Hybrid