Incident Response Playbook Engineer

BT

From £68,000 per annum
Full Time
Contact: Human Resources
Reference: 154752

Security isn't always the first thing that comes to mind when you think of BT, but when it comes to keeping everyone safely connected, We Are The Protectors. We deal with thousands of cyber-attacks every day, so that millions of people can safely go about their daily lives and run their businesses. We deliver vital work at scale, with real breadth and impact. We connect for good.

About this role

This is an opportunity to play your part and protect our company, our customers and our communities from cyberattack. Be part of a dedicated team and get ready to be challenged every day to make the most of your skills and experience. You’ll learn from those around you, and from outstanding training and development resources to become even better at what you do. With the best technology at your fingertips, you'll be part of a friendly and flexible working environment where your contribution is always valued.

ThreatCo is our internal Security step-change programme, fuelled by major investment, to build services where customers can just feel protected no matter what changes in their environment. Turning intelligence into proactive, predictive protection.

Identification, acquisition and exploitation of diverse data is core to our future security strategy. This includes our strategy ThreatCo programme, Protect Operations, Service Optimisation and other growth initiatives within Security.

The Playbook Engineer role is part of our ThreatCo DevSecOps team and is key to the development of the ThreatCo vision by ensuring that the full complement of operational playbooks is in place and available to underpin the use case development and in-life support capabilities that ThreatCo will bring, to give customers the confidence that they are fully protected even as their threat landscape changes around them.

You'll have the following responsibilities

  • Lead the development, testing, deployment, documentation and integration of the SIEM, SOAR and EDR systems within ThreatCo
  • Drive the automation of playbooks/workflows and continuously review for opportunities to add further automation.
  • Develop and support a Playbook/workflow repository to maximise collaboration and knowledge share amongst the teams. 
  • Champion the maximising of SOAR’s technical issues/features, and work closely with the wider design, delivery and operational engineering teams to deliver an effective and optimised solution
  • Continually look to identify and implement Security led improvements 
 

You'll have the following skills & experience

  • Strong experience of writing Playbooks/workflows within security related toolsets
  • Experience working on customer-leading SIEM/SOAR deployments with awareness of the major toolsets such as XSOAR, Resilient, QRadar, CrowdStrike, Skybox, Splunk
  • Experience of working in a solution design role for security systems and/or experience working within a managed security organisation with SIEM applications and platforms
  • Awareness of cyber security threats and their potential to compromise or disrupt business operations
  • Awareness and experience of working with MSSP (multi-tenanted) solutions desirable
  • Experience of full DevSecOps life-cycle and software/systems integration
  • Excellent understanding of software development practices and principles including experience of Python, REST, and JSON data
  • Infrastructure as code
  • Experience of cloud solutions such as AWS desirable
  • Ability to analyse and understand log files and data dumps for the purpose of extracting enrichment data
  • Ability to learn quickly and deliver quality code to tight deadlines
  • Excellent planning and execution skills
  • Extensive experience and technical awareness across Cyber Security sector
  • Stakeholder management, communication and influencing skills
  • Excellent leader who can proactively manage their own workstack and customer opportunity
 

Benefits

  • Free BT Broadband
  • Discounted TV & mobile packages and BT products
  • On target Bonus
  • Share options and 10% pension contribution
  • Professional development and paid for industry certifications/qualifications
  • Flexible benefits/rewards including dental insurance, healthcare, gym memberships etc.
  • Well-being support for you and your family
  • 3 days paid volunteering a year
  • Flexible and smart working (subject to business needs)
 

About BT

There are two things that we want to share with anyone considering joining us.

Firstly, we’ve got big ambitions for our colleagues and the future of the organisation. These include our vision that inclusion and accessibility drive every conversation we have and every decision we make. We want our workforce to fully represent the communities and customers we serve, because a diverse business is a better business. We value every colleague, their diversity and the contribution that they make. When we say you’re welcome at BT, we really mean it.

Secondly, the one thing the pandemic has taught us is that a lot of current and future colleagues, where and when possible, want to embrace hybrid working. Therefore, we are introducing Smart Working at BT. Smart Working means having the flexibility to choose, as a team, how and where you work depending on your team’s deliverables and needs; when you are at your shared core location to connect with others and when not. It may not be for every role, and, as part of the recruitment process, you’ll have the chance to discuss Smart Working and how it might work for the job you are applying for.

Security isn’t always the first thing that people think of with BT, but it is one of the fastest growing parts of our global organisation. We protect our networks from more than 6,500 cyber-attacks each day, invest over £40m in research each year and employ more than 3,000 people - which makes us the largest private cyber security employer in the UK. With incredible opportunities to learn, develop and grow your skills, we’ll invest in you, nurture potential and shape your future – whatever your background or experience.

 

In today’s world, safe and secure digital connections have never been more vital. You’ll be joining a global company operating at the forefront of the information age: BT employs 90,000 people in 180 countries. With huge scale, we’re capable of achieving great things, striving to be personal, simple, and brilliant for our customers whilst creating an inclusive working environment where people from all backgrounds can succeed. Play your part. Make a difference. We are the Protectors.

 

How to Apply

It's easy to apply online; you just need a copy of your up-to-date CV and to follow the step-by-step process. Don't worry if you need to make changes - you'll have the opportunity to review and edit your work on the final page. We look forward to receiving your application!