What you’ll be doing
You’ll be part of a holistic security engineering team, implementing BT-wide, multi-system, complex design, holistic use case development and management. This will require close collaboration with teams responsible for specific security capabilities in our federated security engineering approach. Core to this are the following accountabilities:
1. Designing, implementing and managing security detection use cases across a range of technologies to ensure timely alerting of security events and incidents to Security Operations staff.
2. Responding to specific threats and intelligence to enable insight from security capabilities at the pace of incidents in support of incident technical bridges.
3. Continuously improving threat detection capabilities by tuning and optimising existing use cases and retiring use cases no longer providing value.
4. Collaborate regularly across Protect BT Group stakeholders and engineering teams to quickly respond to new use cases
5. Act as a security use case subject matter expert, responding to requests, working with wider teams, making priority decisions and deciding the best action to regularly advance our threat detection capabilities
6. Proactively adapting and maintaining threat intelligence and detection capabilities to ensure we provide the best possible environment to keep BT safe.
7. Enhance data enrichment by integrating threat intelligence feeds and contextual information.
8. Contribute to security engineering projects, transitions, and transformations.
9. Work closely with security operations and associated security incident response systems
10. Stay informed about emerging threats and security best practices.
11. Drive end to end automation across the eco system of security capabilities to drive efficiency and speed of response to cyber threats.
12. Collaboration with commercial security teams where BT consumes our commercial propositions for internal use.
Skills Required for the Role
Communication:
13. Able to effectively communicate across multiple engineering teams
14. Coordinate across multiple teams to work towards a common goal
15. Collaborate with a wider range of stakeholders, reporting progress and adapting quickly to feedback
Delivery:
16. Responsible for the delivery and in life management of complex use cases
17. Coordinating rapid responses to changes in the threat landscape
18. Working across multiple stakeholders to ingest, parse, index and consume data feeds required to evolve our threat hunting ability
19. Drive automation of data ingestion, transformation and loading tasks
Design:
20. Responsible for designing complex security use case detection logic
21. Documenting design decisions and communicating with engineering teams
22. Proactively understanding how we can get more value from SIEM and other tooling to continually mature our capabilities
23. Design, develop, and maintain data pipelines using Logstash, part of the Elastic Stack.
Data Cleaning and Enrichment with Elasticsearch:
24. Utilize Elastics for efficient data storage and retrieval.
25. Implement data validation, enrichment, and indexing.
26. Collaborate with data analysts to create meaningful search experiences.
Database Architecture and Scaling with Elastic:
27. Optimize data storage and retrieval mechanisms within Elastic clusters.
28. Design and Implement sharding, replication, and index management strategies.
Security and Compliance with Elastic Security:
29. Set up access controls, authentication, and encryption using Elastic Security features.
30. Ensure compliance with data protection regulations.
Performance Tuning with Elastic and Logstash:
31. Fine-tune query performance using Elastic indices and mappings.
32. Monitor Logstash pipelines and optimize resource utilization.
Kibana Visualization and Monitoring:
33. Leverage Kibana for data visualization, dashboards, and real-time monitoring.
34. Create custom visualizations to track data quality metrics and system performance.
Kafka integration
Experience Required for the Role
MANDATORY
35. Experience working in the threat intelligence / threat hunting environment
36. Knowledge of working on a SIEM/big data/ threat hunting capability
37. Experience in cyber security implementation and support
38. Knowledge of security best practices, regulatory requirements and standards
39. ELK stack awareness
40. Knowledge of the MITRE ATT&CK framework
PREFERRED
41. Experience supporting complex cyber security or IT projects.
42. Actively worked on a SIEM solution and experience of use case detection/creation
43. Detailed knowledge of Elastic architecture
Benefits
44. On target 10% on target bonus
45. BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
46. From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.
47. Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.
48. 25 days annual leave (not including bank holidays), increasing with service
49. 24/7 private virtual GP appointments for UK colleagues
50. 2 weeks carer’s leave
51. World-class training and development opportunities
52. Option to join BT Shares Saving schemes.