Siem Content Delivery Professional

Security isn't always the first thing that comes to mind when you think of BT, but when it comes to keeping everyone safely connected, We Are The Protectors. We deal with thousands of cyber-attacks every day, so that millions of people can safely go about their daily lives and run their businesses. We deliver vital work at scale, with real breadth and impact. We connect for good.

**About this role**

This is an opportunity to play your part and protect our company, our customers and our communities from cyber attack. Be part of a dedicated team and get ready to be challenged every day to make the most of your skills and experience. You’ll learn from those around you, and from outstanding training and development resources to become even better at what you do. With the best technology at your fingertips, you'll be part of a friendly and flexible working environment where your contribution is always valued.

This position will be working in our customers National Management Centre (NMC) as a SIEM Consultant. The National Management Centre (NMC) will provide visibility and control of information risks for Policing. It will support the 24x7x365 nature of the police operations, providing a threat detection and response capability for digital services before, during and after cyber-attacks, enabling stakeholders to understand and proactively manage risk across the technology estate at both the national and force level.

**You'll have the following responsibilities**
- You’ll be responsible and accountable for new and updated rules, log sources, dashboard and documentation
- Continuously identifying operational and technical improvements that can be made within the SIEM tools
- The role is responsible and accountable for the lifecycle of a use-case, a dashboard & log source.
- The role is responsible for supporting playbook creation (configuration) of existing or new log-sources
- The role is responsible for defining time and risk information related to the delivery of the use-case dashboard and log source deliverables.
- The Role will create or modify standard and custom rules either with a manual custom rule or via automation within the NMC SIEMs.
- The role will continuously identify operational and technical improvements that can be made within the NMC with a focus on automation.
- Peer review activities as requested by NMC Operations SLT.
- Creation of content on SIEM
- Creation rules on SIEM
- Input new IOCs and content based on Threat Intel or any NMC services into the SIEMs.
- Highlight parsing issues (reactive)
- Tuning of existing content in liaison with other NMC services.

**You'll have the following skills & experience**
- Proven experience in SIEM content delivery
Content provision in line with log source integration
Playbook support
The role owner will need to have specific expertise and experience of SIEM technology and on various log source types. They also need to have skills to perform profiling of performance of SIEM rules, triggers, use-cases.
The role owner will need to be able to maintain as-is but also onward develop the configuration of the SIEM tooling to meet the agreed use-cases and future use-cases
Evidence of delivering SIEM content
Awareness of the threat landscape and how that informs SIEM content delivery.
Ability to convert elements such as Postattack Frameworks and Threat Intel into deliverable content.
Experienced in SIEM technology
Development of SIEM rules and use-cases
Experience of working in an operational security environment
Experience in internal and external stakeholder management and engagement
Ability to acquire SC and NPPV3 level clearances

**Benefits**
- Free BT Broadband
- Discounted TV & mobile packages and BT products
- On target Bonus
- Share options and 10% pension contribution
- Professional development and paid for industry certifications/qualifications
- Flexible benefits/rewards including dental insurance, healthcare, gym memberships etc.
- Well-being support for you and your family
- 3 days paid volunteering a year

**About BT**

There are two things that we want to share with anyone considering joining us.

Firstly, we’ve got big ambitions for our colleagues and the future of the organisation. These include our vision that inclusion and accessibility drive every conversation we have and every decision we make. We want our workforce to fully represent the communities and customers we serve, because a diverse business is a better business. We value every colleague, their diversity and the contribution that they make. When we say you’re welcome at BT, we really mean it.

Security isn’t always the first thing that people think of with BT, but it is one of the fastest growing parts of our global organisation. We protect our networks from more than 6,500 cyber-attacks each day, invest over £40m in research each year and employ more than 3,000 people - which makes us the largest private cyber security employer in the UK. With incredible opportunitie