Cyber SOC Specialist

Paddington, Sydney, Australia

BT Group

From Ultra Fast Full Fibre broadband to TV & Mobile, BT helps UK families, communities & companies reach their potential.

 

Why Security

Our purpose is to use the power of communication to make a better world. For each other, for our customers, for society and our communities.

Security incidents carry financial cost and can damage our brand and reputation. Proactively preventing, detecting and responding to incidents allows BT to reduce risk to the business and our customers. Any large organisation needs a centralised facility responsible for every aspect of security, hardening the business's posture against attack. Your role places real value on finding and adapting ways to protect and support our people, customers and communities.

 

Why this job matters

The SOC team's goal is to detect, analyse and respond to cyber security incidents using a combination of cutting-edge technology and a strong set of processes. SOC staff work across the organisation, typically with incident response teams, to ensure security issues are addressed quickly upon discovery. As a member of the Cyber Security Operations team you will respond to immediate, complex security threats on BT and commercial networks across the globe, working in a 24x7 Security Operations Centre (SOC) environment. You will monitor, analyse and defend against malicious or unusual activity that could indicate a security incident or compromise.

 

What I’ll be doing – your accountabilities

  • Manage daily resourcing within the CySOC, ensuring operational workload is allocated and SLAs are met
  • Investigate and qualify L3 incidents: receive incidents escalated from L2 and escalate further if needed
  • When required, participate in STAG, triage and PIR (post-incident review) calls to direct workload, manage risk and act as an escalation point for CySOC tasks
  • Ensure the analytical approach applied by L1 and L2 Security Analysts is thorough, considered and comprehensive, and conduct regular case reviews
  • Proactive threat hunting using threat intelligence
  • Customer engagement
  • Lead on knowledge management within the SOC for specific technologies and tools, including runbooks, training sessions and knowledge calls
  • Liaise with L1-L3 analysts, vendors and stakeholders on cyber security issues, provide recommendations for the future and identify advanced attacker tactics and techniques
  • Maintain compliance with relevant security requirements based on BT policies, CySOC policies and ISO 27001
  • Provide thought leadership to support the development of Security Analysts, with a mindset of moving up the value chain in experience, knowledge and skills
  • Deliver and verify plans for monitoring, maintaining and improving the integrity of security processes and systems
  • Deliver and verify the end-to-end implementation and operation of a subset of an IT security service, and of the IT security strategy, policy, procedures, processes, systems and threat identification and response that provide IT security services and solutions on security infrastructure
  • Perform highly detail-oriented work involving deep threat analysis of malware, web attacks, network attacks, relevant event data and forensic artefacts

 

Skills required for the job

  • Knowledge of various security methodologies and processes, and the ability to apply these to incident investigations and management
  • Good understanding of network security, including TCP/IP protocols, network analysis, and network/security applications
  • Ability to provide relevant and timely analysis and recommendations to customers based on analysis of events from a range of platforms
  • Customer-facing, with good report-writing skills and strong communication skills at all levels
  • Ability to provide technical and service leadership to L1 and L2 analysts. Be a thought leader in the SOC
  • Ability to consistently deliver to deadlines while prioritising competing demands for time, without sacrificing quality
  • Good understanding of ITIL processes, including Change Management, Incident Management and Problem Management
  • Willingness to share information, improve documentation, and train other analysts
  • Excellent knowledge of SIEM products
  • Knowledge of network technologies, Windows and Unix administration
  • Knowledge of typical security devices such as firewalls, intrusion detection systems, AV and endpoint security, web application firewalls, event correlation systems, etc.
  • Understanding of security threats and attack scenarios; analysis and intrusion detection skills
  • Proven analytical skills and out-of-the-box thinking
  • Ability to apply non-standard processes to incidents and investigations
  • Knowledge of at least one security methodology, such as the MITRE ATT&CK framework
  • Excellent management skills with the ability to build high performing, well motivated teams
  • Proficient in Microsoft Office Applications

Experience you would be expected to have

  • Experience working in a fast paced operational security environment
  • Experience of general incident management process
  • A background in data communications, with particular knowledge of internetworking and IP. Vendor security technologies: SIEM, IDS/IPS, security analytics and correlation
  • CompTIA Network+, Security+, CSA+ (now CySA+) and/or CEH, or equivalent
  • Experience working in a customer facing environment
  • Experience leading and coaching a team of technology professionals
  • Knowledge of Security management, network and information security, people security and running of one or more services within a Security Operations Centre.
  • Analysis & interpretation of data into useful management information

 

Key decisions

  • Incident communications to relevant parties – How, What, Who?
  • Team responsibilities and activities
  • Identification of Continuous Improvement opportunities
  • May involve management of a team in the delivery of a security service or solution.

 

Security isn’t always the first thing that comes to mind when you think of BT, but when it comes to keeping everyone safely connected, We Are The Protectors. We deal with thousands of cyber-attacks every day, so that millions of people can safely go about their daily lives and run their businesses. We deliver vital work at scale, with real breadth and impact. We connect for good.

This is an opportunity to play your part and protect our company, our customers and our communities from cyberattack. Be part of a dedicated team and get ready to be challenged every day to make the most of your skills and experience. You’ll learn from those around you, and from outstanding training and development resources to become even better at what you do. With the best technology at your fingertips, you'll be part of a friendly and flexible working environment where your contribution is always valued.

 

Security is one of the fastest growing parts of our global organisation. We are protecting our networks from more than 6,500 cyber attacks each day, investing over £40m in research each year - and in employing nearly 3,000 people, we're also the largest private cyber employer in the UK. With incredible opportunities to learn, develop and grow your skills, we'll invest in you, nurture your potential and shape your future - whatever your background or experience.

In today’s world, safe and secure digital connections have never been more vital. You’ll be joining a global company operating at the forefront of the information age: BT employs 90,000 people in 180 countries. With huge scale, we’re capable of achieving great things, striving to be personal, simple, and brilliant for our customers whilst creating an inclusive working environment where people from all backgrounds can succeed. Play your part. Make a difference. We are the Protectors.

 

A FEW POINTS TO NOTE:

Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.

DON'T MEET EVERY SINGLE REQUIREMENT?

Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.


Tags: Analytics CEH Compliance CompTIA Firewalls IDS Incident response Intrusion detection IPS ISO 27001 ITIL Malware MITRE ATT&CK Monitoring Network security Security strategy SIEM SOC Strategy TCP/IP Threat intelligence UNIX Windows

Perks/benefits: Flex hours Team events

Region: Asia/Pacific
Country: Australia
