What you’ll be doing
1. Design, build, automate and operate TSA aligned Privileged Access Workstations, Privilege Access Management and Identity Access Management platforms supporting the live network and critical applications.
2. Ensure platforms are secure, resilient and highly available, meeting agreed service levels and supporting 24/7 operations.
3. Embed security controls by design, translating TSA and BT security requirements into implemented, testable technical controls.
4. Monitor, maintain and continuously improve platform reliability, performance and security posture.
5. Assess and manage security risk and control maturity, using threat modelling, security assessments, and resilience testing to inform design and investment decisions.
6. Respond to incidents and service issues, participating in an on-call rota to support PAW, PAM and IAM services in live operation.
7. Work closely with architecture, service and operations teams to deliver compliant, and operable secure access solutions.
8. Produce and maintain technical documentation and compliance evidence to support TSA assurance and audit activities.
9. Potential line management opportunities but not essential to have experience in it
Skills Required for the Role
10. Hands on engineering experience designing, building, automating, hardening as well as operating secure access and identity services for live, business critical environments.
11. Comfortable making mistakes, learning from them, fixing them, and moving on.
12. Experience producing clear technical documentation and compliance evidence to support audit and assurances activities.
13. Understanding of identity, authentication, authorisation and/or privileged access concepts within enterprise and network centric environments.
14. Confidence working across Windows and Linux platforms, directory services, networking and secure remote access technologies.
15. Ability to operate calmly under pressure, troubleshoot complex technical issues and restore service safely on live systems.
16. Strong collaboration skills.
17. A proactive approach to learning, continuously developing technical depth across security technologies.
18. Clear and effective communication skills, able to explain technical issues, risks and decisions to a range of stakeholders.
Experience Required for the Role
19. Knowledge of any of the below is advantageous:
20. Windows/Linux server ecosystem. PKI. Identity Access Management. Firewalls/ VPN / ZTNA. Proxy servers. Privileged Access Management. PowerShell scripting and Ansible.
21. Technical design, build and delivery.
22. Writing security operating procedures.
23. Security control integration.
24. Security hardening & hygiene.
25. Working in regulated environment
26. 24/7 technical operations.
Benefits
27. On target 10% on target bonus
28. BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
29. From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.
30. Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.
31. 25 days annual leave (not including bank holidays), increasing with service
32. 24/7 private virtual GP appointments for UK colleagues
33. 2 weeks carer’s leave
34. World-class training and development opportunities
35. Option to join BT Shares Saving schemes.