What you'll be doing Responsible for ensuring BT is defended against threat attack vectors, actors and their tactics, techniques and procedures (TTPs).
Responsible for developing threat hunting and discovery strategies across TTP sector to identify and mitigate risk To be a key contributor, advocate and driver in developing PBT operational capability across TTP sector To deliver rapid comprehensive and evidentially sound cyber security investigations you will execute activities including (incident response, security monitoring, threat hunting, security analytics and reporting to a high standard) Responsible for proportionate decision making and thorough documentation of actions completed on investigations, actions undertaken and decisions made on the appropriate case management system.
Responsible for leading cross working within PBT to effectively manage cyber security issues and incidents Responsible for collaboration within BT as well as with our external security partners, leading with vendors/ 3rd parties (NCSC) and Sec Ops councils.
Accountable for contribution to security operations metrics working within teams and towards exec level metrics.
Support and maintain the ISO27001 certificate for Protect BT that is in scope of the BT Business Support certificate LRQ0962885.
Ensures the effectiveness of the Cyber operation to minimise the impact of cyber incidents to BT Drive continual improvement of BT's capability to operationally exploit tools and data to better Protect BT, its business and reputation.
Contribute to Cyber Security SOC Area to ensure that the PBT Cyber Operations is effective, agile and responsive and that people, processes and technology are enabled to go beyond limits.
Potentially working as part of a on call rota Mentor and develop the security professional within the team to grow improve whole team knowledge and skillset.
Deputises for Area Manager where required Skills Required for the Role Calm & Decisive under pressure: effective at driving calm and effective response to cyber security issues Communication, Visual & Written skills: Very strong communication, visual & written skills.
Technical Excellence: Industry leading technical expertise within intrusion detection, and knowledge of Mitre ATT&CK Framework TTP's and able to carry out data analysis tasks independently.
Security Technology experience working with EDR/SIEM solutions, creating threat detection rules focusing on Crowdstrike Falcon, query/advanced threat hunting searches and developing automation with workflows and other automation.
Solutions experienced with cloud based solutions such as Azure Sentinel and Amazon Web Services Growth mindset wanting to learn and develop new skills and continue to build as a Cyber Security Specialist.
Leadership be able to lead by example and provide guidance to junior members and develop our cyber professionals, and during investigations build strong team inclusion.
Influencing skills: Ability to persuade, influence and motivate others, with the right sense of urgency, without having formal authority.
Decision making be able to independently make decisions based on actions from projects or working groups that reaches a sound decision.
Project Management ability to coordinate and champion a team to manage a project and related actions.
Escalation management able to work towards set SLA's and escalate when potential blockers are found proactively.
Building External Relationships: partner relationships with other SOCs (peers, customers and vendors) and National Cyber Security Centre operations.
Stakeholder management able to communicate with all levels and build relationships with customers.
Familiarisation with legal frameworks and relevant BT policies governing specialist cyber investigation techniques and evidential standards, understanding how to seek appropriate advice.
Experience Required for the Role Practical knowledge and experience of day to day Cyber security operations.
Understanding of networking principles.
Excellent technical credentials, able to play a leading part in technically capable high performing and motivated teams.
Experienced in handling Cyber security threats and incidents and vulnerabilities.
Experience in engaging senior stakeholders from Senior Manager to Director levels.
Experience in using Crowdstrike Falcon for alert triage, threat hunting, and incident response (including real time response) and IOC/IOA exclusions Completed FHT 201/ 202 Responder and/ or hunting certifications within Falcon.
Experience with working as part of a on call Rota 24/7 support for 1st line teams.
Fully conversant with MITRE ATT&CK and its utilisation for SOC and Cyber security.
Typically qualified to degree level, or equivalent professional experience.
Member of a professional body and/or with industry recognised qualifications e.g.
BCS, CISSP, CISM IET etc.
BenefitsAt BT, we entertain, educate, and empower millions of people every single day.
We're a brand built on connecting people – whether that's friends, family, businesses, or communities.
Working here, you'll receive an attractive salary and a range of competitive benefits, but – more than that – you'll be joining an ambitious organisation with a culture of togetherness, collaboration, and inclusivity, that takes a genuine and proactive interest in your progress and development.
Competitive salary 10% on target bonus BT Pension scheme, minimum 5% Employee contribution, BT contribution 10% 25 days annual leave (not including bank holidays), increasing with service Huge range of flexible benefits including cycle to work, healthcare, season ticket loan World-class training and development opportunities Option to join BT Shares Saving schemes.
Discounted broadband, mobile and TV packages Access to 100's of retail discounts including the BT shop