Cyber Appliance Management Professional

UK Wide, United Kingdom

BT Group

From Ultra Fast Full Fibre broadband to TV & Mobile, BT helps UK families, communities & companies reach their potential. Find more BT products here.


Recruiter: Jayson Coley-Wynters 

Career Grade: E

Location: UK Wide 


Why this job matters 

The Device Management role is a multi-faceted position that requires both in-depth technical knowledge of network security systems/concepts as well as the ability to successfully communicate with and work directly with customers. 

 

The post holder is responsible for providing BT post-sales support of BT ATM infrastructure devices, deployed CPE, and managed customer devices, as well as developing methods for furthering the SOC's ability to provide a consistent quality service. The holder is also responsible for proactive management of solutions and working within the various BT ATM teams to develop enhancements that further meet customer requirements. BT and customer devices include various types of Unix-based servers (Sentry, Snort, MLR), IDS/IPS, firewalls, VPNs, and any other device necessary to provide security services. 

 

What I'll be doing - Your accountabilities 

• Participate in an on-call rotation. 

• Work across Platform and Engineering teams to deliver and support BT Security services features. 

• Performance and issue investigations on security appliances and systems. 

• Build and deliver custom security appliances and systems. 

• Conduct customer log analysis to correct configuration issues. 

• User and groups administration on security appliances and systems. 

• Conduct vulnerability scans on security appliances and systems. 

• Develop custom ingest parsers and pipelines for log retention and SIEM platforms. 

• Develop, implement and verify plans for Opsview monitoring of security appliances and systems. 

• Security appliance and system configuration and documentation verification. 

• Write and update knowledgebase articles. 

• Define and execute test plans for new or updated security appliances and systems. 

• Support the management of relationships with specific customers, suppliers and stakeholders, ensuring the cost-effective provision of a professional security service. 

• Review design documentation to ensure it is accurate, unambiguous and verifiable. 

 

Skills required for the job

MANDATORY 

• On-call rotation. 

• Excellent written and verbal communication, including documentation skills. 

• General IT problem solving and debugging. 

• IT troubleshooting. Network troubleshooting. Firewall troubleshooting. 

• Familiarity with ticketing and change management process and procedures. 

• Ability to learn new technologies without supervision. Self-driven learning. 

• Open Source technologies. 

• Linux Systems Administration. 

• Familiarity with log retention technologies. 

• Familiarity with device log collection and forwarding technologies. 

PREFERRED: at least 50% of: 

• CISSP, CompTIA Network+, Security+, CSA+ and/or CEH or equivalent. 

 

• Linux Systems Administration, including: 

    • Install, configure, manage, maintain, and troubleshoot RHEL systems. 

    • In-depth knowledge of SSH client and server configuration. 

    • Unix/Linux shell scripting and common tools, including SELinux, FACLs, etc. 

 

• Windows Systems Administration, including: 

    • Install, configure, manage, maintain, and troubleshoot Windows systems. 

    • PowerShell. 

    • Windows Event Log, and tools such as Winlogbeat, NXLog, Snare, etc. 

 

• Virtualisation, container orchestration and cloud technologies, including: 

    • VMware vSphere & ESXi. 

    • Docker, Kubernetes. 

    • Proxmox, KVM, QEMU. 

    • AWS, Azure, Google, etc. 

 

• Fault, vulnerability, and performance monitoring, including: 

    • Opsview, Nagios, Icinga. 

    • Qualys. 

    • CrowdStrike, Wazuh. 

 

• Patch and configuration management and continuous deployment, including: 

    • Ansible. 

    • Foreman. 

    • Terraform and Packer. 

    • Version control, e.g., Git. 

 

• Data processing, warehousing, log retention and SIEM, including: 

    • Elasticsearch/OpenSearch, Logstash, Filebeat, etc. 

    • Syslog-NG/Rsyslog. 

    • Splunk, Graylog, LogRhythm, etc. 

    • Grafana/Prometheus. 

    • Security analytics and correlation. 

 

Experience you would be expected to have 

MANDATORY: 

• General IT and security operations knowledge and experience. 

• Knowledge of IP networks and protocols. 

• In-depth practical experience and knowledge of a range of specific vendor products related to the role. 

• Linux Systems Administration. 

• Experience with stakeholder management. 

• Familiarity with device log collection and forwarding technologies. 

PREFERRED: 

• A background in server and application management in a security environment. 

• In-depth practical experience and knowledge of operating systems and server administration. 

• ITIL/ITSM (IT Infrastructure Library/Service Management) – IT Operations experience. 

• Knowledge of automation tools and methods. 

• Extensive experience working in a sensitive commercial environment with demanding SLAs. 

• Experience in managing and delivering bespoke solutions. 

• Experience with SIEM (Security Information and Event Management) systems. 

• Experience with Analysis & interpretation of data into useful management information. 

• Experience with incident management process & procedures. 

• Experience with Atlassian tools like Jira, Confluence, and Bitbucket, and/or SNOW. 

• Cloud platforms, architecture and design patterns – AWS, Azure, Google Cloud Platform, etc. 

 

Connected Leaders behaviours 

  • Trusted member of the team who can be relied on by colleagues and managers. 

  • Able to work unsupervised. 

  • Understanding of the BT values. 

 

Key Decisions 

  • Incident communications to relevant parties – How, What, Who? 

  • Team responsibilities and activities 

  • Identification of Continuous Improvement opportunities 

 
