SS7 Monitoring Specialist

Job Description

Join Us

At Vodafone, we’re not just shaping the future of connectivity for our customers – we’re shaping the future for everyone who joins our team. When you work with us, you’re part of a global mission to connect people, solve complex challenges, and create a sustainable and more inclusive world. If you want to grow your career whilst finding the perfect balance between work and life, Vodafone offers the opportunities to help you belong and make a real impact.

What you’ll do

Cyber Defence Operations (CDO) is Vodafone Group’s Cyber Defence Operations Centre of Excellence. CDO’s mission is to protect Vodafone customers against global cyber risk. CDO is specifically accountable for delivering:

• Cyber Defence operational leadership across Vodafone.
• Cyber Defence operational capabilities to Vodafone Group, the Local Market Operating Companies, and Partner Markets to enhance Vodafone’s global cyber defence posture and reduce its cyber risk.

The is accountable for providing advanced operational defence against signalling based threats impacting Vodafone’s telecommunications networks. The role specialises in monitoring, analysing, detecting, and responding to security events across SS7, Diameter and GTP-C using Signalling Firewalls and Signalling Intrusion Detection Systems.

As an escalation point for complex signalling incidents, the role leads investigations through deep protocol analysis, telemetry interrogation and advanced analytics while also owning continuous improvement of playbooks, dashboards, and operational processes. Additionally, the role collaborates with global Vodafone Cyber Security teams, including CERT and Incident Management, to support major incident investigations and cross functional initiatives.

• Define, maintain and continuously improve Cyber Defence playbooks for SigFW related events.
• Develop clear and actionable incident reporting to support effective prioritisation, escalation and decision making.
• Support development and production integration of Signalling Intrusion Detection Systems (SigIDS).
• Design and maintain operational dashboards and analytics to improve signalling security situational awareness.
• Perform continuous monitoring and triage of signalling security events in line with defined severity and escalation criteria.
• Lead the analysis of unusual signalling patterns, behaviours and anomalies within the network, identifying potential SS7/Diameter abuse and responding to threats before network impact occurs.
• Analyse known and emerging signalling attack techniques (e.g. interception, location tracking, routing manipulation, fraud enablement) and translate these into effective detection logic, analytics and investigative guidance.
• Maintain expert knowledge of SS7/Diameter abuse patterns and translate this into detection logic, alerts and investigative guidance.
• Feed lessons learned from incidents and intelligence back into preventative controls, dashboards and playbooks.
• Raise and manage incident and remediation tickets (e.g. Remedy)
• Manage enrichment of signalling telemetry (e.g. via Cribl coordinated through GitHub Enterprise).
• Consume telecom specific threat intelligence and integrate insights into SigFW/SigIDS detections, playbooks and operational workflows.
• Identify control gaps and propose enhancements to detection logic, SigFW policies and operational procedures to improve signalling security posture.
• Act as a technical liaison between Cyber Defence and Network Engineering to influence signalling security policy, control design and operational effectiveness.
• Brief internal and external stakeholders including NCSC, NSIE and Ofcom where required.
• Evaluate and optimise signalling security tooling to ensure effective defence against evolving threats and emerging attack techniques.

Who you are

• Strong willingness to learn and adapt to new tools, technologies and emerging signalling threats in a fast moving security environment.
• Open minded, collaborative and comfortable working across technical and operational teams.
• Demonstrates resilience, curiosity and a positive attitude when operating in high pressure incident environments.
• Experience with telecommunications signalling protocols (SS7, Diameter, GTP‑C) or strong willingness to rapidly develop expertise in this area.
• Strong analytical capability across large signalling telemetry datasets to identify anomalies, abuse patterns and emerging threats.
• Experience working within an operational Cyber Defence or SOC environment, including incident triage and escalation.
• Hands‑on experience in security event analysis and incident response, particularly within network or telecoms contexts.
• Experience using security analytics and monitoring platforms such as Dynatrace, Splunk, Google SecOps and Tableau.
• Understanding of telemetry pipelines, log enrichment, and data quality considerations (e.g. Syslog, Cribl or similar).
• Ability to communicate complex technical findings clearly to both technical and non technical stakeholders.
• Excellent verbal and written communication skills with the ability to articulate complex technical concepts clearly and concisely.
• Highly disciplined and motivated, able to work independently, under direction or collaboratively as part of a wider team.
• Strong understanding of security threats and abuse patterns relevant to telecommunications networks and signalling environments.
• Bachelor’s degree in cyber security, Information Technology, Telecommunications Engineering, or a related field or equivalent professional experience.
• Working towards, or willingness to obtain, relevant professional certifications in areas such as network security, security analytics, intrusion detection, or incident response (e.g. GCIA, GNFA, Splunk certifications, cloud security certifications, or equivalent).

Not a perfect fit?

Worried that you don’t meet all the desired criteria exactly? At Vodafone we are passionate about empowering people and creating a workplace where everyone can thrive, whatever their personal or professional background. If you’re excited about this role but your experience doesn’t align exactly with every part of the job description, we encourage you to still apply as you may be the right candidate for this role or another opportunity.

What's in it for you

Yearly bonus: 10%
Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
Charity days: 5 days/year
Maternity leave: 52 weeks: the first 13 weeks are fully paid, followed by 26 weeks of half pay
Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%.
Access to: private medical, private dental, free health assessments, share save scheme
Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan

Who we are

We are a leading international Telco, serving millions of customers. At Vodafone, we believe that connectivity is a force for good. If we use it for the things that really matter, it can improve people's lives and the world around us. Through our technology we empower people, connecting everyone regardless of who they are or where they live and we protect the planet, whilst helping our customers do the same.

Belonging at Vodafone isn't a concept; it's lived, breathed, and cultivated through everything we do. You'll be part of a global and diverse community, with many different minds, abilities, backgrounds and cultures. ;We're committed to increase diversity, ensure equal representation, and make Vodafone a place everyone feels safe, valued and included.

If you require any reasonable adjustments or have an accessibility request as part of your recruitment journey, for example, extended time or breaks in between online assessments, please refer to https://careers.vodafone.com/application-adjustments/ for guidance.

Together we can.