Security Specialist - Spain Operations

Date: 29 Mar 2024

Location: Madrid, Spain

Company: BT Group

Security isn’t always the first thing that comes to mind when you think of BT, but when it comes to keeping everyone safely connected, We Are The Protectors. We deal with thousands of cyber-attacks every day, so that millions of people can safely go about their daily lives and run their businesses. We deliver vital work at scale, with real breadth and impact. We connect for good.

This is an opportunity to play your part and protect our company, our customers and our communities from cyberattack. Be part of a dedicated team and get ready to be challenged every day to make the most of your skills and experience. You’ll learn from those around you, and from outstanding training and development resources to become even better at what you do. With the best technology at your fingertips, you'll be part of a friendly and flexible working environment where your contribution is always valued.

Purpose Of Role:

The role holder will be responsible for supporting customers and the Cyber Security Professional Security Analysts of Analytical Security, in order to maintain the quality of 24x7x365 in-life service delivery from the commercial Cyber Security Operations Centre to specific customers, against contractual SLAs underpinned by specific KPIs.

These team members will perform their responsibilities during business hours and on call outside business hours (24x7x365), as demanded by security incident escalations, scheduled complex changes and/or special or critical interventions.

These team members will be responsible for proactively monitoring the skill level of the Cyber Security Professional Security Analysts of Analytical Security and for defining internal upskilling action plans, to ensure the level required for 24x7x365 in-life service delivery from the commercial Cyber Security Operations Centre to specific customers, against contractual SLAs underpinned by specific KPIs.

These team members will work with the existing Security Systems technologies and other core network security products.

These team members will be assigned as principal and/or secondary responsible for the existing Security Systems Technologies for specific contractual customers in 24x7x365 in-life service delivery from the commercial Cyber Security Operations Centre.

These team members will be assigned as principal and/or secondary responsible for specific contractual customers in 24x7x365 in-life service delivery from the commercial Cyber Security Operations Centre, supporting activities and tasks coming from the Cyber Security Professional Security Analysts.

These team members will represent and assume security technology responsibilities for activities and/or tasks arising from teamwork with other CySOC team members, such as SSOMs and/or the CySOC Coordination Team, as assigned principal and/or secondary for specific contractual customers in 24x7x365 in-life service delivery from the commercial Cyber Security Operations Centre.

These team members must have complete awareness of, and apply, BT Compliance Policies and CySOC Policies, which are more rigorous in terms of the BT Policy definitions of Confidential and Highly Confidential.

These team members will maintain relationships with people at an operational level, always under the BT code definitions referred to: support, respect and appreciate each other.

The general scope of the role covers the following aspects of the CySOC:

  • These team members will always be focused on a prevention- and prediction-oriented way of thinking to protect the customers'/organizations' business from threats, breaches, vulnerabilities, threat actors, etc., so that the Cyber Security Operations Centre acts proactively most of the time and reactively least of the time.
  • These team members will manage the prevention and prediction approach to protecting customers/organizations, based on deterministic and non-deterministic options to detect threats, breaches, vulnerabilities, threat actors, etc.
  • These team members will manage the whole set of TI systems, as the deterministic way to prevent and protect the customers'/organizations' business from threats, breaches, vulnerabilities, threat actors, etc., across the complete process of Detection, Analysis, Response and Remediation.
  • These team members will be proactively accountable to the Team Leader and the CySOC Manager for all responsibilities assigned.
  • From their position of security technical support, they must go a step further in transmitting knowledge, skills and experience, ensuring the recipients grasp the key concepts through teaching and/or coaching.
  • From their position and perspective, they will provide stakeholders with a clear vision and understanding of the security landscape of the IT security systems involved in 24x7x365 in-life delivery to contractual customers from the commercial Cyber Security Operations Centre.
  • They will be a behavioural reference model in terms of assuming responsibility, taking decisions and looking forward to continuous improvement of the way of working.
  • Supports the delivery, implementation and operational end-to-end delivery for a subset of an IT security service and for a subset of the IT security strategy, policy, procedures, processes, systems, and threat identification and response that provide security services and solutions for, or on, security systems and infrastructure.
  • They will be the security technical reference model, providing senior-level skills as demanded by the stakeholders identified from the commercial Cyber Security Operations Centre.
  • They will create and maintain technical procedure definitions and technical documentation based on runbooks, located in the defined standard sites.
  • They will monitor that technical documentation is adequate to provide the level of quality and support required by current in-life contractual customers.
  • They will provide proactive/reactive security technical support to the Cyber Security Professional Security Analysts of Analytical Operational Security.
  • They will be involved in the technical escalation process, based on the matrix defined for each process: Incident Security and Change Management.

Key Responsibilities:

  • From the prevention/prediction approach to Detection, Response and Remediation: expertise in, and management of, the existing Threat Intelligence systems, defining adequate criteria to apply detection and remediation security configurations over the Security Systems Technologies.
  • From the deterministic approach to Detection, Response and Remediation: align the customers' security incident detection configurations to be applied in IT Security Systems Technologies with the MITRE ATT&CK framework definitions for the corresponding tactics and techniques of attack and defence.
  • From the non-deterministic approach to Detection, Response and Remediation: align the threat model configurations to the detection of possible threat anomalies.
  • Provide an audit methodology based on OSINT to guarantee the correct application of the Incident Security Management process for the corresponding UCs and/or threat/breach security detections, so as to apply the right response and/or remediation.
  • Responsible for quality, based on OSINT, across the complete Incident Security Management process: Detection, Analysis, Response and Remediation security activities.
  • Will report and manage escalations to providers and/or vendors where required.
  • Manage EDR solutions at an administrative and configuration level to support the tool and its correct operation.

Soft Skills:

  • Reference model. Behaviour, in aptitude and attitude, will always be a reference model for the Cyber Security Professional Security Analysts of Operational Security and for customers.
  • Customer focus. Ability to meet the customers’ needs in line with the business requirements.
  • Result-orientation. Focusing on the objectives and the required outcomes of the processes while delivering a service.
  • Teamwork. Working with a cooperative and positive attitude in a group setting to achieve common goals.
  • Communication skills. Communicating effectively and efficiently while adapting to your audience and getting the message through as intended.
  • Logical thinking. Ability to comprehend and to oversee various aspects of a problem or a situation.
  • Teaching and coaching. Ability to transmit knowledge and experience, going a step further to ensure the recipient grasps the keys to performing a service delivery that meets the quality measures.
  • Taking ownership. Taking the responsibility and taking care of the consequences of making a decision.
  • Analytical mindset. Using all data and information available to analyse and understand a situation, with the aim of supporting decisions.
  • Attention to detail. Focusing on all aspects and details of a task and delivering your output with a high level of accuracy.
  • Leadership skills. Strengths and abilities that help to oversee processes and guide people toward the achievement of goals.
  • Problem-solving. Ability to find root causes of problems and to focus on their quick and efficient solution.
  • Ability to think outside the box, considering collateral environments and understanding the roles/responsibilities of collateral stakeholders (mainly the customer).
  • Language: fluent Spanish and English. Other languages will be recognised as an advantage.

Skills/Experience:

- Minimum 3 years of experience and a senior skill level in security management, network and information security, people security and the running of one or more services within a Security Operations Centre.

- Minimum 3 years of experience, a senior skill level and deep knowledge of:

  • The TCP/IP protocol suite, DHCP, DNS, LAN/WAN and operating system concepts.
  • Network security, including remote access, DMZ architecture, network monitoring, intrusion detection and web server security.

- Minimum of 3 years of experience in security operations support, preferably in CySOC teams or an equivalent CNOC/NOC, handling P1 and P2 incidents through the Incident Security Management process for Detection, Analysis, Response and Remediation.

- Senior-level technical skills in IT Security Systems Technologies and the security organization/company systems landscape:

  • SIEMs.
  • Log Management.
  • XDR solutions.

- Senior-level technical skills and knowledge to understand and apply the MITRE ATT&CK framework definitions to the detection of threats, breaches and vulnerabilities:

  • UCs: defining, designing, implementing and maintaining.

- Experience and skills in malware-based incident response and remediation:

  • Analysis of malware to extract atomic indicators of compromise, profile malware behaviour, and articulate recommendations for mitigating and detecting malware.
  • Discovering and investigating malicious activities in order to determine tactics such as exploitation methods, and their effects on systems and information.
  • Providing the technical support needed for cyber incident response investigations, including containment, eradication and remediation activities, with a focus on malware analysis.

- Senior-level technical skills and knowledge to understand UEBA threat anomaly detections:

  • Threat model detection implementation and maintenance.

- Knowledge of coding/programming and use of at least one coding language.


Business Impact:

The responsibilities of these team members have a direct impact on customer satisfaction, which is based on obtaining the level of service contracted and demanded. Their contribution therefore comes from their influence in keeping the customer satisfied with the service delivered, which in turn facilitates the opportunity to renew current contracts or add new contracted services.

  • Will be proactive in obtaining feedback from customers and/or internal stakeholders, continuously monitoring the quality delivered to the customer beyond KPI results.
  • When demanded for new potential opportunities, will participate in supporting the security sales team in tasks oriented to how operations would be provided from a technical perspective.

Qualifications:

- Higher-level vocational training (ciclo formativo de grado superior):

  • Title of Higher Technician in Network Computer Systems Administration.
  • Degree of Higher Technician in Multiplatform Application Development.
  • Title of Higher Technician in Web Applications Development.
  • Degree of Higher Technician in Telecommunications and Computer Systems.
  • Degree of Higher Technician in Electronic Maintenance.
  • Specialization Course in Cybersecurity in Information Technology Environments.

- Technical or higher degrees or engineering:

  • Computer Engineering and specializations.
  • Telecommunication Engineering and specializations.

- Additional valuable Certifications:

  • CompTIA Security+.
  • CEH.
  • Cisco CCNA Routing & Switching or CCNA Security.
  • SIEM: QRadar/Sentinel/Splunk/LogRhythm (medium/high level certification).
  • XDR solutions: CrowdStrike, Cortex, Carbon Black (medium/high level certification).
  • Sandboxing systems, demonstrated knowledge: AnyRun, Cuckoo or similar.
  • Anomaly detection: Darktrace, CiscoThreatStream.
  • TIPs, demonstrated knowledge: Anomali, ThreatConnect, etc.
  • Orchestration, demonstrated knowledge: Resilient, XSOAR, TheHive.

- Recognised technical qualification or accreditation in the field of security specialism.