SOC Professional

Why BT?

We’ve always been an organization with purpose; to use the power of communications to make a better world. You can trace this back to our beginning as pioneers of the world’s first telecommunications company. At our heart we’re a technology company with research and innovation in our bones and a desire to be personal, simple, and brilliant for our customers - those are the values we live by whilst also creating an inclusive working environment where people from all backgrounds can succeed.
 
Our pursuit of progress over the past 180 years has established BT as a strong, successful brand, with huge scale capable of achieving great things. From supporting emergency services, hospitals, banks and keeping economies around the world online, safe and secure, to delivering large scale technology infrastructure like the creation of BT Sport.
 
Today in this fast changing, always on, digital world our purpose remains true. Yet the market conditions, regulation and competition we face are tougher than ever before. So if you have the drive, optimism and resilience to help propel us forward we’ll offer unrivalled personal development, a wealth of opportunities to learn, experience new things and pursue new careers. If that’s you and what you’re looking for, we’d love you to be part of our future.

Why Security

Our purpose is to use the power of communication to make a better world. For each other, for our customers, for society and our communities.
 
Security incidents carry financial cost and can impact our brand and reputation. Proactively preventing, detecting and responding to incidents allows BT to reduce risk to the business and our customers. Any large organization needs a centralized facility responsible for every aspect of Security, hardening the business posture from attack. Your role places real value in finding and adapting ways to protect and support our people, customers & communities.

Why this job matters

The Cyber Security Operations team’s goal is to detect, analyse, and respond to cybersecurity incidents using a combination of cutting edge technology and a strong set of processes. Cyber Security Operations staff work across the organisation, typically with incident response teams to ensure security issues are addressed quickly upon discovery.
 
L1 Section
The Cyber Security Professional (L1) forms the first level of monitoring in the Security Operations Centre. In this role you will monitor and respond to security events and incidents from managed customer security systems as part of a team. The role consists of monitoring realtime events and incidents from our customers, keeping abreast of intelligence from the IT security community (and government/law-enforcement), or other industry sources and operating from 24/7/365 within our Cyber Security Operations Centre (SOC). Shift work will be required to cover 24x7 operations
 
L2 Section
The Cyber Security Professional (L2) forms the second level of monitoring in the Security Operations Centre. In this role you will have the responsibility of deploying changes to the client security devices following a predefined template. Secondly, providing a quality, comprehensive analysis of proactive alerts and re-active incidents, building on the initial triage performed by the L1 team. This role forms the key escalation point between L1 and L3 and involves keeping abreast of intelligence from the IT security community (and government/law-enforcement), or other industry sources and operating from 24/7/365 within our Cyber Security Operations Centre (SOC). Shift work will be required to cover 24x7 operations.

What I’ll be doing – your accountabilities

L2 Points
•    Provide a comprehensive analysis of alert/incident received.
•    Where applicable, provide basic level of triage on customer tools.
•    Ability to determine impact of the alert/ incident on customer environment.
•    Responsible for business reporting and quality assurance
•    Key escalation points between L1 and L3 analysts
•    As a member of the Cyber Security Operations team, you will respond to immediate security threats on BT and commercial networks across the globe.
•    Responsible for working in a 24x7 Cyber Security Operation Centre environment.
•    Our Cyber Security Operations team’s goal is to provide quality service on change and incidents management with the combination of cutting-edge technology and a strong set of processes.
•    Support elements of the Investigation and resolution as required and where necessary report incidents involving potential or actual breaches of protective security compliance.
•    Support the operational relationships with specific customers, suppliers and stakeholders, including all Third Parties and joint ventures ensuring the cost-effective provision of a professional Security service.

Skills required for the job

•    Strong knowledge of the TCP/IP protocol suite, DHCP, DNS, LAN/WAN, IPSec VPN.
•    Knowledge of the OSI model and security that is associated with each layer.
•    Solid understanding of Next Generation Firewall features. (Antivirus, web filtering, app-id, Intrusion detection, etc…)
•    Good understanding of routing & switching
•    Basic knowledge of security logging tools (log management, SIEM, Advance Security Anomalies Systems
•    Awareness of Threat intelligence. Utilising threat intelligence to make informed decisions to minimise harm to our business and customers.
•    A basic understanding of the cybersecurity landscape, including emerging risks and security solutions.
•    Knowledge of security methodologies and processes for: Incident Management and Change Management
•    Ability to multi-task, prioritize, and manage time effectively.
•    Strong ability to follow documented processes.
•    Relevant experience of stakeholder management and good interpersonal skills.
•    Specific Technology experience to be added if required for vacancy.