
Cyber Security Professional - Spain Operations

Job Req ID:  51391
Posting Date:  22 Sept 2025
Function:  Security
Unit:  Business
Location:  Madrid, Spain

Salary:  Competitive

The role operates on a 24x7x365 shift rota basis.

 


At BT International, our purpose is to keep the world connected. As part of BT, we build on almost 180 years of innovation and expertise to deliver secure connectivity and digital services to some of the world’s leading multinational businesses and organisations. Our customers trust us to safeguard their data, drive their digital transformation and keep their businesses running.

 

With colleagues on the ground across the world and supporting customers wherever they need to operate, BT International offers a truly global experience. Whether it’s about providing cloud connectivity, helping organisations collaborate, or enabling innovation in cybersecurity and digital services, you’ll be part of a team that shapes how businesses succeed in a world that is being transformed by AI.

 

If you have the drive and ambition to make an impact on a global stage, BT International is where it happens.

 


Purpose of Role

 

The role holder will be responsible for the in-life delivery of 24x7x365 commercial Cyber Security Operations Centre (CySOC) capability, ensuring compliance with customers’ contractual SLAs underpinned by specific KPIs.

 

The role operates on a 24x7x365 shift rota basis. Team members will work with existing security system technologies and core network security products.

 

Analysts are expected to demonstrate behaviours aligned with their responsibilities and a strong commitment to delivering the highest levels of quality:

  • Do not close investigations until the root cause of a security incident has been identified.

  • Conduct in-depth analysis to fully understand security incidents end-to-end.

  • Ensure investigations are only closed once all conclusions are reached and documented.

  • Demand and utilise all necessary support to ensure complete, high-quality incident analysis.

  • Provide detailed case documentation clearly specifying the value of the work performed for the customer.

  • Drive continuous improvement.

 

Team members must be aware of and comply with BT policies and standards, as well as CySOC-specific policies (which are stricter in terms of Confidential and Highly Confidential classifications).

 

Relationships with colleagues and customers must always be conducted in line with BT’s Code of Practice, supporting a respectful and collaborative environment.

 


Key Responsibilities

 

  • Manage the complete security incident process for detection, analysis, response, and remediation.

  • For P1/P2 and major global security incidents, apply immediate escalations per defined process.

  • Monitor and categorise every security incident, identifying true and false positives based on relevant use cases.

  • Execute the full incident process, including:

    • Case registration in the ticketing system.

    • Initial event investigation.

    • Basic triage activities.

    • Customer communication throughout detection, analysis, response, and remediation.

  • Ensure quality of responses, providing full investigation and resolution details, and report potential/proven breaches of protective security compliance.

  • Guarantee SLA adherence for every type of customer-defined incident.

  • Follow defined processes and documentation rigorously to ensure compliance with quality parameters.

  • Escalate cases to Security Specialists and SOMs as defined per incident type.

  • Proactively identify and report process gaps or improvements.

  • Build skills progressively to manage tools and systems required for agile, high-quality service delivery.

 


Soft Skills

 

  • Customer focus – ability to meet customer needs in line with business requirements.

  • Results orientation – delivering outcomes in line with objectives.

  • Teamwork – positive, cooperative contribution to group success.

  • Communication – clear, audience-adapted, and effective.

  • Logical thinking – ability to comprehend and oversee multiple aspects of a situation.

  • Ownership – accountability for actions and decisions.

  • Analytical mindset – using data to support decision-making.

  • Attention to detail – delivering accurate, high-quality output.

  • Creativity – ability to think beyond the obvious and consider collateral environments/stakeholders.

  • Languages – fluent Spanish and English (other languages an advantage).

 


Skills & Experience

 

  • Knowledge of security management, network and information security, and Security Operations Centre services.

  • Strong technical foundation, including:

    • TCP/IP, DHCP, DNS, LAN/WAN, Operating Systems.

    • Network security: remote access, DMZ architecture, intrusion detection, monitoring, web server security.

  • Minimum 1 year of experience in security operations (preferably CySOC, CNOC, or NOC), handling incidents and applying use cases.

  • Knowledge of SIEMs and security log management:

    • Preferred: QRadar, LogRhythm, Sentinel, McAfee, Splunk.

    • Others: ArcSight, FortiSIEM, Syslog.

  • Knowledge of EDR solutions:

    • Preferred: CrowdStrike, Palo Alto Cortex/Traps, Microsoft Defender ATP, SentinelOne, VMware Carbon Black.

    • Others: Check Point SandBlast, Symantec, Bitdefender, McAfee MVISION.

  • Knowledge of phishing & fraud detection tools: FireEye ETP, Forcepoint, Proofpoint, Cisco Email Security, Symantec Email Security.

 

  • Additional desirable skills:

    • Malware sandboxes, memory forensics, exploit/attack analysis.

    • Open-source penetration testing tools.

    • Threat intelligence usage in appliances and operations.

    • Forensic artefacts and indicators of compromise.

    • IOC/IOA exchange formats and intelligence sharing.

    • Threat anomaly detection (UEBA, NDR solutions).

 


Business Impact

 

  • Direct influence on customer satisfaction through delivery of contracted service levels.

  • Contribution to customer contract renewals and opportunities for service expansion.

  • Responsibility for achieving KPIs in Incident Security Management, Change Management, and Customer Communication processes.

  • Ensuring all activities are executed in line with Quality Assurance definitions.

 


Qualifications

 

  • Higher technical education:

    • Higher Technician in Network Computer Systems Administration.

    • Higher Technician in Multiplatform Application Development.

    • Higher Technician in Web Applications Development.

    • Higher Technician in Telecommunications & Computer Systems.

    • Higher Technician in Electronic Maintenance.

    • Specialisation in Cybersecurity in IT Environments.

  • Technical or higher degrees in:

    • Computer Engineering (or specialisations).

    • Telecommunications Engineering (or specialisations).

  • Additional certifications (valued):

    • CompTIA Security+

    • CEH

    • OSCP

    • CCNA Security

    • EDR certifications

    • SANS certifications

  • Recognised technical qualifications or accreditations in security specialisms.

 


Additional Allowances & Benefits

 

  • Cafeteria

  • Smart working allowance

 


A few points to note

 

Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.

 

Please note that as part of our recruitment process, we conduct background checks, which include verification of the highest educational qualification. Additionally, for certain positions, a certificate of good conduct may be requested following a successful application.

 


Don’t meet every single requirement?

 

Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best. So, if you’re excited about this role but your past experience doesn’t align perfectly with every requirement in the Job Description, please apply anyway – you may just be the right candidate for this or other roles in our wider team.


 
