Posting Date: 7 Jan 2025
Function: Cyber Security
Unit: Networks
Location: Assembly, Bristol, United Kingdom
Salary: Competitive with Great Benefits
BT Group’s brand, reputation and ability to serve its customers and grow its business are founded on a strong security posture and the ability to defend against harm and minimise risk. You are responsible for the implementation and operational delivery of an intelligence-led Security Operations Centre (virtual), as defined by the Cyber Security Mission Strategy, that will defend BT globally from cyber adversaries.
Every day we see more sophisticated threat actors (often nation states) developing their tactics to new heights and targeting our industry. The Protect BT Group Cyber Operations and Intelligence team will be a key part of keeping BT Group and the UK's critical networks safe.
BT Group’s Cyber Operations and Intelligence leverage threat intelligence, predictive analytics, automation and proactive lessons learned through exercising, to ensure BT Group is equipped to meet the continually evolving threat landscape in an agile, ambitious, proactive and financially astute manner.
The team are responsible for defining and triaging intelligence from BT Group's range of sources and partners, and determining the potential risk and impact to BT. Under the threat-led strategy, the cyber security specialists will conduct a range of proactive discovery, threat hunting and reactive monitoring of security tooling to investigate signs of potential malicious activity, and carry out any remediation actions within the guidance of incident and problem management to ensure BT remains secure and online.
Working alongside our partners within NCSC and other Telecommunications providers we will be developing our Strategic and Operational collaboration working groups to best use BT’s ringside seat to establish targeted bilateral intelligence-sharing relationships with similarly capable Global peers.
This role follows hybrid working (3 days in the office) in either Bristol or Manchester
SC Clearance eligibility is advantageous
What you’ll be doing
* Responsible for ensuring BT is defended against threat attack vectors, actors and their tactics, techniques and procedures (TTPs).
* Responsible for developing threat hunting and discovery strategies across TTP sector to identify and mitigate risk.
* To be a key contributor, advocate and driver in developing PBT operational capability across TTP sector.
* To deliver rapid, comprehensive and evidentially sound cyber security investigations, you will execute activities (including incident response, security monitoring, threat hunting, security analytics and reporting) to a high standard.
* Responsible for proportionate decision making and thorough documentation of actions completed on investigations, actions undertaken and decisions made on the appropriate case management system.
* Responsible for leading cross working within PBT to effectively manage cyber security issues and incidents.
* Responsible for collaboration within BT as well as with our external security partners, leading with vendors/ 3rd parties (NCSC) and Sec Ops councils.
* Accountable for contribution to security operations metrics working within teams and towards exec level metrics.
* Support and maintain the ISO27001 certificate for Protect BT that is in scope of the BT Business Support certificate LRQ0962885.
* Ensures the effectiveness of the Cyber operation to minimise the impact of cyber incidents to BT.
* Drive continual improvement of BT's capability to operationally exploit tools and data to better Protect BT, its business and reputation.
* Contribute to Cyber Security SOC Area to ensure that the PBT Cyber Operations is effective, agile and responsive and that people, processes and technology are enabled to go beyond limits.
* Potentially working as part of an on-call rota.
* Mentor and develop the security professionals within the team to grow and improve whole-team knowledge and skillset.
* Deputises for Area Manager where required.
Skills Required for the Role
* Calm & Decisive under pressure: effective at driving calm and effective response to cyber security issues.
* Technical Excellence: Industry-leading technical expertise within intrusion detection, knowledge of MITRE ATT&CK Framework TTPs, and able to carry out data analysis tasks independently.
* Security Technology: experience working with EDR/SIEM solutions, creating threat detection rules focusing on CrowdStrike Falcon, query/advanced threat hunting searches and developing automation with workflows and other automation.
* Solutions: experienced with cloud-based solutions such as Azure Sentinel and Amazon Web Services.
* Growth mindset: wanting to learn and develop new skills and continue to build as a Cyber Security Specialist.
* Leadership: able to lead by example, provide guidance to junior members and develop our cyber professionals, and build strong team inclusion during investigations.
* Influencing skills: Ability to persuade, influence and motivate others, with the right sense of urgency, without having formal authority.
* Decision making: able to independently reach sound decisions based on actions from projects or working groups.
* Project Management: ability to coordinate and champion a team to manage a project and related actions.
* Escalation management: able to work towards set SLAs and proactively escalate when potential blockers are found.
* Building External Relationships: partner relationships with other SOCs (peers, customers and vendors) and National Cyber Security Centre operations.
* Stakeholder management: able to communicate with all levels and build relationships with customers.
* Familiarisation with legal frameworks and relevant BT policies governing specialist cyber investigation techniques and evidential standards, understanding how to seek appropriate advice.
Experience Required for the Role
* Practical knowledge and experience of day to day Cyber security operations.
* Understanding of networking principles.
* Excellent technical credentials, able to play a leading part in technically capable high performing and motivated teams.
* Experienced in handling Cyber security threats and incidents and vulnerabilities.
* Experience in engaging senior stakeholders from Senior Manager to Director levels.
* Experience in using CrowdStrike Falcon for alert triage, threat hunting, and incident response (including real time response) and IOC/IOA exclusions.
* Completed FHT 201/ 202 Responder and/ or hunting certifications within Falcon.
* Experience of working as part of an on-call rota (24/7 support) for 1st line teams.
* Fully conversant with MITRE ATT&CK and its utilisation for SOC and Cyber security.
* Typically qualified to degree level, or equivalent professional experience.
* Member of a professional body and/or with industry-recognised qualifications, e.g. BCS, CISSP, CISM, IET etc.
At BT, we entertain, educate, and empower millions of people every single day. We’re a brand built on connecting people – whether that’s friends, family, businesses, or communities. Working here, you’ll receive an attractive salary and a range of competitive benefits, but – more than that – you’ll be joining an ambitious organisation with a culture of togetherness, collaboration, and inclusivity, that takes a genuine and proactive interest in your progress and development.
* 10% on target bonus
* 25 days annual leave (not including bank holidays), increasing with service
* Huge range of flexible benefits including cycle to work, healthcare, season ticket loan
* World-class training and development opportunities
* Option to join BT Shares Saving schemes.
* Discounted broadband, mobile and TV packages
* Access to 100s of retail discounts including the BT shop
About us
BT is part of BT Group, along with EE, Openreach, and Plusnet.
Millions of people rely on us every day to help them live their lives, power their businesses, and keep their public services running. We connect friends to family, clients to colleagues, people to possibilities. We keep the wheels of business spinning, and the emergency services responding.
We value diversity and celebrate difference. ‘We embed diversity and inclusion into everything that we do. It’s fundamental to our purpose: we connect for good.’
We all stick to the same values: Personal, Simple, and Brilliant. From day one, you’ll get stuck in to tough challenges, pitch in with ideas, make things happen. But you won’t be alone: we’ll be there with help and support, learning and development.
This is your chance to make a real difference to the world: to be part of the digital transformation of countless lives and businesses. Grab it.
Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.
We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us.
Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.