What you’ll be doing
You’ll be part of a holistic security engineering team, implementing BT-wide, multi-system, complex design, holistic use case development and management. This will require close collaboration with teams responsible for specific security capabilities in our federated security engineering approach. Core to this are the following accountabilities:
Designing, implementing and managing security detection use cases across a range of technologies to ensure timely alerting of security events and incidents to Security Operations staff. Responding to specific threats and intelligence to enable insight from security capabilities at the pace of incidents in support of incident technical bridges. Continuously improving threat detection capabilities by tuning and optimising existing use cases and retiring use cases no longer providing value. Collaborate regularly across Protect BT Group stakeholders and engineering teams to quickly respond to new use cases Act as a security use case subject matter expert, responding to requests, working with wider teams, making priority decisions and deciding the best action to regularly advance our threat detection capabilities Proactively adapting and maintaining threat intelligence and detection capabilities to ensure we provide the best possible environment to keep BT safe. Enhance data enrichment by integrating threat intelligence feeds and contextual information. Contribute to security engineering projects, transitions, and transformations. Work closely with security operations and associated security incident response systems Stay informed about emerging threats and security best practices. Drive end to end automation across the eco system of security capabilities to drive efficiency and speed of response to cyber threats. Collaboration with commercial security teams where BT consumes our commercial propositions for internal use.
Skills Required for the Role
Communication:
Able to effectively communicate across multiple engineering teams Coordinate across multiple teams to work towards a common goal Collaborate with a wider range of stakeholders, reporting progress and adapting quickly to feedback
Delivery:
Responsible for the delivery and in life management of complex use cases Coordinating rapid responses to changes in the threat landscape Working across multiple stakeholders to ingest, parse, index and consume data feeds required to evolve our threat hunting ability Drive automation of data ingestion, transformation and loading tasks
Design:
Responsible for designing complex security use case detection logic Documenting design decisions and communicating with engineering teams Proactively understanding how we can get more value from SIEM and other tooling to continually mature our capabilities Design, develop, and maintain data pipelines using Logstash, part of the Elastic Stack.
Data Cleaning and Enrichment with Elasticsearch:
Utilize Elastics for efficient data storage and retrieval. Implement data validation, enrichment, and indexing. Collaborate with data analysts to create meaningful search experiences.
Database Architecture and Scaling with Elastic:
Optimize data storage and retrieval mechanisms within Elastic clusters. Design and Implement sharding, replication, and index management strategies.
Security and Compliance with Elastic Security:
Set up access controls, authentication, and encryption using Elastic Security features. Ensure compliance with data protection regulations.
Performance Tuning with Elastic and Logstash:
Fine-tune query performance using Elastic indices and mappings. Monitor Logstash pipelines and optimize resource utilization.
Kibana Visualization and Monitoring:
Leverage Kibana for data visualization, dashboards, and real-time monitoring. Create custom visualizations to track data quality metrics and system performance.
Kafka integration
Experience Required for the Role
MANDATORY
Experience working in the threat intelligence / threat hunting environment Knowledge of working on a SIEM/big data/ threat hunting capability Experience in cyber security implementation and support Knowledge of security best practices, regulatory requirements and standards ELK stack awareness Knowledge of the MITRE ATT&CK framework
PREFERRED
Experience supporting complex cyber security or IT projects. Actively worked on a SIEM solution and experience of use case detection/creation Detailed knowledge of Elastic architecture
Benefits
At BT, we entertain, educate, and empower millions of people every single day. We’re a brand built on connecting people – whether that’s friends, family, businesses, or communities. Working here, you’ll receive an attractive salary and a range of competitive benefits, but – more than that – you’ll be joining an ambitious organisation with a culture of togetherness, collaboration, and inclusivity, that takes a genuine and proactive interest in your progress and development.
Competitive salary 10% on target bonus BT Pension scheme, minimum 5% Employee contribution, BT contribution 10% 25 days annual leave (not including bank holidays), increasing with service Huge range of flexible benefits including cycle to work, healthcare, season ticket loan World-class training and development opportunities Option to join BT Shares Saving schemes. Discounted broadband, mobile and TV packages Access to 100’s of retail discounts including the BT shop