What you’ll be doing
SIEM Solution Development:
1. Collaborate with security analysts and architects to design and implement SIEM solutions using Elasticsearch.
2. Optimize SIEM rules, alerts, and dashboards for efficient threat detection.
Collaboration:
3. Collaborate effectively with others to drive forward key security objectives
4. Presentation and documentation writing (to both technical and business audiences)
Query Optimization and Performance Tuning:
5. Write efficient Elasticsearch queries to retrieve relevant security events.
6. Monitor and manage the performance of the SIEM infrastructure.
Security Engineering:
7. Contribute to security engineering projects, transitions, and transformations.
8. Work closely with security operations and associated security incident response systems
9. Stay informed about emerging threats and security best practices.
Data Ingestion and Enrichment:
10. Configure Elasticsearch pipelines for data ingestion from various sources, primarily from Kafka
11. Enhance data enrichment by integrating threat intelligence feeds and contextual information.
12. Keep abreast of relevant technologies in the area
13. Reading, attending briefings and talks.
14. Contribute to the running of your team.
15. Knowledge-sharing,
16. In team discussions,
17. Defining and improving working procedures
18. Organisation of team events.
19. Help colleagues in the team to grow by mentoring when required.
20. Keep abreast of relevant news and updates at BT. This may entail the following: attending briefings and talks.
21. Agree personal goals with the Team Lead for the year and work towards achieving these.
Skills Required for the Role
Essential:
Security and Compliance with Elastic Security:
22. Set up access controls, authentication, and encryption using Elastic Security features.
23. Ensure compliance with data protection regulations.
Detection Rule Development:
24. Ability to create, test, and optimise detection rules to identify suspicious activities and potential threats based on the MITRE ATT&CK Framework
Performance Tuning with Elasticsearch and Logstash:
25. Fine-tune query performance using Elasticsearch indices and mappings.
26. Monitor Logstash pipelines and optimize resource utilization.
Kibana Visualization and Monitoring:
27. Leverage Kibana for data visualization, dashboards, and real-time monitoring.
28. Create custom visualizations to track data quality metrics and system performance.
Elastic integration
29. Integration of the SIEM with critical systems to provide alerting, monitoring, data enrichment.
ETL Processes with Logstash:
30. Design, develop, and maintain data pipelines using Logstash, part of the Elastic Stack.
31. Automate data ingestion, transformation, and loading tasks.
Beats for Data Collection:
32. Agent and Agent Policy Management: Proficiency in configuring and managing agents, including setting up agent policies for various operation systems.
33. Ensure seamless data flow from endpoints to the Elastic Stack.
Data Cleaning and Enrichment with Elasticsearch:
34. Utilize Elasticsearch for efficient data storage and retrieval.
35. Implement data validation, enrichment, and indexing.
36. Collaborate with data analysts to create meaningful search experiences.
Database Architecture and Scaling with Elasticsearch:
37. Optimize data storage and retrieval mechanisms within Elasticsearch clusters.
38. Implement sharding, replication, and index management strategies.
End-to-End Solution Delivery:
39. Expertise in taking ownership of a requirement from start to finish, including gathering detailed requirements, designing, and implementing robust, innovative solutions.
Experience Required for the Role
Mandatory
40. Bachelor’s/Master’s degree in Computer Science, Information Systems, Engineering, or other related fields
41. 5+ years of engineering experience in delivering cybersecurity solutions
42. Experience in key cyber technologies such as SIEM technologies (Elastic preferred), vulnerability management, access management and other commonly used Enterprise security controls. Ideally from both a development and operational perspective
Advantageous:
43. SIEM implementation and usage Experience of Elastic Stack (ELK)
44. Knowledge of Offensive testing frameworks
45. Knowledge of Linux, Windows and Network Administration
46. Knowledge and experience of cloud services (public or private), OpenStack and K8S
47. Cyber security qualifications
48. Knowledge of Telecoms Security Act (TSA)
49. Knowledge of architectural concepts such as microservices, service mesh.
50. Knowledge of Git and Devops practices
51. Knowledge of Terraform/Ansible systems
52. Strong knowledge of security policy/regulatory frameworks
53. At least 3-5 years experience of cyber security engineering and delivery
Benefits
54. On target 10% on target bonus
55. BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
56. From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.
57. Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.
58. 25 days annual leave (not including bank holidays), increasing with service
59. 24/7 private virtual GP appointments for UK colleagues
60. 2 weeks carer’s leave
61. World-class training and development opportunities
62. Option to join BT Shares Saving schemes.