SIEM Application Engineer

Why this job matters

The new Network SIEM is essential to BT’s network security, meeting TSA requirements and improving our CAF level. Your role as a SIEM Application Engineer in Security Engineering is to support the development, implementation, operation and support of BTs Strategic SIEM development. 
We are seeking a skilled SIEM Application Engineer with expertise in Elasticsearch to join our dynamic team. As a SIEM engineer, you will play a critical role in designing, developing, and maintaining our security information and event management (SIEM) system. Your focus will be on leveraging Elasticsearch and related technologies to enhance threat detection, incident response, and overall security posture.

This role is hybrid (3 days in office) and can be based in one of the following offices: Birmingham, Manchester, Ipswich (Ipswich only applicable to existing BT employees)

What you’ll be doing

SIEM Solution Development:

• Collaborate with security analysts and architects to design and implement SIEM solutions using Elasticsearch.
• Optimize SIEM rules, alerts, and dashboards for efficient threat detection.

Collaboration:

• Collaborate effectively with others to drive forward key security objectives
• Presentation and documentation writing (to both technical and business audiences)

Query Optimization and Performance Tuning:

• Write efficient Elasticsearch queries to retrieve relevant security events.
• Monitor and manage the performance of the SIEM infrastructure.

Security Engineering:

• Contribute to security engineering projects, transitions, and transformations.
• Work closely with security operations and associated security incident response systems
• Stay informed about emerging threats and security best practices.

Data Ingestion and Enrichment:

• Configure Elasticsearch pipelines for data ingestion from various sources, primarily from Kafka
• Enhance data enrichment by integrating threat intelligence feeds and contextual information.
• Keep abreast of relevant technologies in the area
• Reading, attending briefings and talks. 

• Contribute to the running of your team. 
• Knowledge-sharing, 
• In team discussions, 
• Defining and improving working procedures 
• Organisation of team events. 

• Help colleagues in the team to grow by mentoring when required. 
• Keep abreast of relevant news and updates at BT. This may entail the following: attending briefings and talks. 
• Agree personal goals with the Team Lead for the year and work towards achieving these. 

Skills Required for the Role

Essential:

Security and Compliance with Elastic Security:

• Set up access controls, authentication, and encryption using Elastic Security features.
• Ensure compliance with data protection regulations.

Detection Rule Development: 

• Ability to create, test, and optimise detection rules to identify suspicious activities and potential threats based on the  MITRE ATT&CK Framework

Performance Tuning with Elasticsearch and Logstash:

• Fine-tune query performance using Elasticsearch indices and mappings.
• Monitor Logstash pipelines and optimize resource utilization.

Kibana Visualization and Monitoring:

• Leverage Kibana for data visualization, dashboards, and real-time monitoring.
• Create custom visualizations to track data quality metrics and system performance.

Elastic integration

• Integration of the SIEM with critical systems to provide alerting, monitoring, data enrichment.

ETL Processes with Logstash:

• Design, develop, and maintain data pipelines using Logstash, part of the Elastic Stack.
• Automate data ingestion, transformation, and loading tasks.

Beats for Data Collection:

• Agent and Agent Policy Management: Proficiency in configuring and managing agents, including setting up agent policies for various operation systems. 
• Ensure seamless data flow from endpoints to the Elastic Stack.

Data Cleaning and Enrichment with Elasticsearch:

• Utilize Elasticsearch for efficient data storage and retrieval.
• Implement data validation, enrichment, and indexing.
• Collaborate with data analysts to create meaningful search experiences.

Database Architecture and Scaling with Elasticsearch:

• Optimize data storage and retrieval mechanisms within Elasticsearch clusters.
• Implement sharding, replication, and index management strategies.

End-to-End Solution Delivery: 

• Expertise in taking ownership of a requirement from start to finish, including gathering detailed requirements, designing, and implementing robust, innovative solutions.

Experience Required for the Role

Mandatory

• Bachelor’s/Master’s degree in Computer Science, Information Systems, Engineering, or other related fields
• 5+ years of engineering experience in delivering cybersecurity solutions
• Experience in key cyber technologies such as SIEM technologies (Elastic preferred), vulnerability management, access management and other commonly used Enterprise security controls. Ideally from both a development and operational perspective

Advantageous:

• SIEM implementation and usage Experience of Elastic Stack (ELK)
• Knowledge of Offensive testing frameworks
• Knowledge of Linux, Windows and Network Administration
• Knowledge and experience of cloud services (public or private), OpenStack and K8S
• Cyber security qualifications
• Knowledge of Telecoms Security Act (TSA)
• Knowledge of architectural concepts such as microservices, service mesh.
• Knowledge of Git and Devops practices
• Knowledge of Terraform/Ansible systems
• Strong knowledge of security policy/regulatory frameworks
• At least 3-5 years experience of cyber security engineering and delivery

Benefits

• On target 10% on target bonus​
  
• BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%​
  
• From January 2025, equal family leave:  receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.​
  
• Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.​
  
• 25 days annual leave (not including bank holidays), increasing with service​
  
• 24/7 private virtual GP appointments for UK colleagues​
  
• 2 weeks carer’s leave ​
  
• World-class training and development opportunities​
  
• Option to join BT Shares Saving schemes.