Security Complex Engineering Specialist

Social network you want to login/join with:

col-narrow-left

BT Group

Southampton, United Kingdom

Other

-

Yes

col-narrow-right

799cb88151e9

7

22.06.2025

06.08.2025

col-wide

What you’ll be doing

You’ll be part of a holistic security engineering team, implementing BT-wide, multi-system, complex design, holistic use case development and management. This will require close collaboration with teams responsible for specific security capabilities in our federated security engineering approach. Core to this are the following accountabilities:

• Designing, implementing and managing security detection use cases across a range of technologies to ensure timely alerting of security events and incidents to Security Operations staff.
• Responding to specific threats and intelligence to enable insight from security capabilities at the pace of incidents in support of incident technical bridges.
• Continuously improving threat detection capabilities by tuning and optimising existing use cases and retiring use cases no longer providing value.
• Collaborate regularly across Protect BT Group stakeholders and engineering teams to quickly respond to new use cases
• Act as a security use case subject matter expert, responding to requests, working with wider teams, making priority decisions and deciding the best action to regularly advance our threat detection capabilities
• Proactively adapting and maintaining threat intelligence and detection capabilities to ensure we provide the best possible environment to keep BT safe.
• Enhance data enrichment by integrating threat intelligence feeds and contextual information.
• Contribute to security engineering projects, transitions, and transformations.
• Work closely with security operations and associated security incident response systems
• Stay informed about emerging threats and security best practices.
• Drive end to end automation across the eco system of security capabilities to drive efficiency and speed of response to cyber threats.
• Collaboration with commercial security teams where BT consumes our commercial propositions for internal use.

Skills Required for the Role

Communication:

• Able to effectively communicate across multiple engineering teams
• Coordinate across multiple teams to work towards a common goal
• Collaborate with a wider range of stakeholders, reporting progress and adapting quickly to feedback

Delivery:

• Responsible for the delivery and in life management of complex use cases
• Coordinating rapid responses to changes in the threat landscape
• Working across multiple stakeholders to ingest, parse, index and consume data feeds required to evolve our threat hunting ability
• Drive automation of data ingestion, transformation and loading tasks

Design:

• Responsible for designing complex security use case detection logic
• Documenting design decisions and communicating with engineering teams
• Proactively understanding how we can get more value from SIEM and other tooling to continually mature our capabilities
• Design, develop, and maintain data pipelines using Logstash, part of the Elastic Stack.

Data Cleaning and Enrichment with Elasticsearch:

• Utilize Elastics for efficient data storage and retrieval.
• Implement data validation, enrichment, and indexing.
• Collaborate with data analysts to create meaningful search experiences.

Database Architecture and Scaling with Elastic:

• Optimize data storage and retrieval mechanisms within Elastic clusters.
• Design and Implement sharding, replication, and index management strategies.

Security and Compliance with Elastic Security:

• Set up access controls, authentication, and encryption using Elastic Security features.
• Ensure compliance with data protection regulations.

Performance Tuning with Elastic and Logstash:

• Fine-tune query performance using Elastic indices and mappings.
• Monitor Logstash pipelines and optimize resource utilization.

Kibana Visualization and Monitoring:

• Leverage Kibana for data visualization, dashboards, and real-time monitoring.
• Create custom visualizations to track data quality metrics and system performance.

Kafka integration

Experience Required for the Role

MANDATORY

• Experience working in the threat intelligence / threat hunting environment
• Knowledge of working on a SIEM/big data/ threat hunting capability
• Experience in cyber security implementation and support
• Knowledge of security best practices, regulatory requirements and standards
• Knowledge of the MITRE ATT&CK framework

PREFERRED

• Experience supporting complex cyber security or IT projects.
• Actively worked on a SIEM solution and experience of use case detection/creation
• Detailed knowledge of Elastic architecture
• From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.
• Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.
• 25 days annual leave (not including bank holidays), increasing with service
• 24/7 private virtual GP appointments for UK colleagues
• 2 weeks carer’s leave
• World-class training and development opportunities
• Option to join BT Shares Saving schemes.