Cyber SOC Specialist - CNI Privileged Access lead

Job Description

Job Req ID: 57947

Posting Date: 24th May 2026

Function: Cyber Security

Location: Bristol & Manchester (preferred), Birmingham, Belfast, Glasgow, London, Sheffield

Closing Date: 8th May 2026

About the role

As BT Group is one of the most critical of all UK Critical National Infrastructure defending against cyber-attacks is our highest priority, the service availability is pivotal for the UK and Global connectivity. Growing on a daily basis we see more sophisticated threat actors (often nation states) developing their tactics to new heights and targeting our industry, the CNI team will be a key part within our elite Cyber Operations team to keep BT Group and the UK critical networks safe.

BT Group’s Cyber Operations and Intelligence leverage threat intelligence, predictive analytics, automation and proactive lessons learned through exercising, to ensure BT Group is equipped to meet the continually evolving threat landscape in an agile, ambitious, proactive and financially astute manner.
The dedicated Critical National Infrastructure team will be responsible for defining and triaging intelligence from BT Groups range of sources and partners, and determining the potential risk and impact to the CNI BT manages and its underpinning technologies. With the threat-led strategy the cyber security specialists will conduct a range of proactive threat hunting activities and reactive monitoring of security tooling to investigate signs of potential malicious activities and carry out any remediation actions required to ensure the infrastructure remains secure and online.

The CNI team will be using the already established ways of working within Protect BT group for Cyber Ops including incident response, incident management, threat intelligence, and threat hunting, but will be specialised in the BT Network infrastructure domains defining the operational service wrap for; remaining 3G, 4G/ 5G mobile infra, Fixed networks, cell towers and other aspects of our core network (including privileged access workstations).
Operating within the requirements of the Telecommunications Security Act, this role directly contributes to protecting BT’s customers, reputation and national services by monitoring and acting against threats towards privileged access and identity services that operate and change the network. The work has real world impact, supporting 24/7 live operations and ensuring that critical services remain secure, available and trustworthy.

Working along side our partners within NCSC and other Telecommunications providers we will be developing our Strategic and Operational collaboration working groups to best use BT’s ringside seat to establish targeted bilateral intelligence-sharing relationships with similarly capable Global peers.

This role is hybrid (3 days in office) & can be based in one of the following offices: Bristol & Manchester (preferred) Birmingham, Belfast, Glasgow, London, Sheffield
​

BPSS Clearance eligibility is required

What you’ll be doing

• Responsible for ensuring BT is defended against threat attack vectors, actors and their tactics, techniques and procedures (TTPs) focusing on BTs CNI, including on call escalation where required.
  
• Actioning intelligence by either proactive threat hunts, or actions withing security tooling.
  
• Responsible for actioning reactive security alerts/incidents following the incident response plan, sot ensure containment, remediation, and review.
  
• To deliver rapid comprehensive and evidentially sound cyber security investigations
  
• To contribute towards the threat detections creation analytic tuning and governance.
  
• Responsible for working across PBT to effectively manage cyber security issues and incidents
  
• Ensures the effectiveness of the Cyber operation to minimise the impact of cyber incidents to BT and customers.
  
• Work with vendors and third party providers to define and maintain secure baseline configurations across technology platform.
  
• Drive continuous improvement by sharing knowledge of emerging threats, trends and operational best practice.
  
• Build strong partnerships across security engineering, vulnerability, service and operations teams to deliver effective, joined up security operations.
  
• Work with wider Protect BT teams focusing on TSA requirements for PAW, PAM, IAM.
  
• Contributing towards collaboration with partnerships with internal and external working groups (NCSC/ Global System for Mobile Communications Association G (GSMA)
  
• Contribute to continual improvement of BT's capability to operationally exploit tools and data to better Protect BT, its business and reputation.
  
• Contribute to Cyber Security SOC Area to ensure that the PBT Cyber Operations is effective, agile and responsive and that people, processes and technology are enabled to go beyond limits.
  
• Deputises for Area Manager where required

Essential Skills / Experience

• Proven experience in security operations, including incident response, monitoring, threat hunting and security analysis in live environments.
• Experience in PAW, PAM,IAM solutions / with an understanding of identity, authentication, authorisation and privileged access technologies
• Calm & Decisive under pressure: effective at driving calm and effective response to cyber security issues
• Strong collaboration skills across security, engineering and operations teams.

Desirable Skills / Experience

• Communication, Visual & Written skills: Very strong communication, visual & written skills.
• Technical Excellence: Industry leading technical expertise and knowledge of Mitre ATT&CK Mobile Framework TTP’s
• Experience with SIEM, SOAR, EDR, vulnerability and threat intelligence tooling.
• Previous experience dealing with mobile/fixed networks and understanding of importance within a network. (4G, 5G, Signalling, SS7, BGP)
• Clear communicator with a proactive approach to continuous learning and improvement.
• Influencing skills: Ability to persuade, influence and motivate others, with the right sense of urgency, without having formal authority.
• Building External Relationships: partner relationships with other SOCs (peers, customers and vendors) and National Cyber Security Centre operations.
• Familiarisation with legal frameworks and relevant BT policies governing specialist cyber investigation techniques and evidential standards, understanding how to seek appropriate advice.
• Practical knowledge and experience of day to day Cyber security operations.
• Excellent technical credentials, able to play a leading part in technically capable high performing and motivated teams.
• Experienced in handling Cyber security threats and incidents.
• Fully conversant with MITRE ATT&CK/Mobile and its utilisation for SOC and Cyber security.
• Typically qualified to degree level, or equivalent professional experience.
• Member of a professional body and/or with industry recognised qualifications e.g. BCS, CISSP, CISM IET etc.

Our Package

• On target 10% on target bonus​
• BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%​
• From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.​
• Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.​
• 25 days annual leave (not including bank holidays), increasing with service​
• 24/7 private virtual GP appointments for UK colleagues​
• 2 weeks carer’s leave ​
• World-class training and development opportunities​
• Option to join BT Shares Saving schemes.

BT Group is the UK’s leading communications group and the holding company behind some of the country’s most recognised brands – including BT, EE, Openreach and Plusnet. Our purpose is as simple as it is ambitious: we connect for good. Our customers include consumers, small, medium and large businesses, public sector organisations and other communications providers.

BT Group’s role is about setting direction, unlocking value and creating the conditions for our brands and businesses to thrive.

Having come through the most capital-intensive phase of our fibre investment, our focus now is on what comes next – simplifying how we operate, using technology and AI to work smarter, and organising ourselves to serve customers better and grow sustainably. Group teams shape strategy, policy, brand, capital allocation and transformation, helping the whole organisation perform at its best.

We have a singular culture that unites all our people: we are customer-first challengers, who are committed, clear and connected. These behaviours unite us as one team to deliver for our colleagues, our customers, our stakeholders and the country. Joining BT Group means working at the heart of a business that matters to the UK, with the opportunity to shape decisions, influence outcomes and help set the future course of one of the country’s most important companies.