Security Engineer Specialist

Why this job matters

BT Group’s ability to operate and protect the UK’s national telecommunications infrastructure depends on strong, reliable and well governed privileged access controls. This role is critical to ensuring that access to live network applications is secure, auditable and resilient, reducing the risk of service disruption, cyber compromise and regulatory noncompliance.
Operating within the requirements of the Telecommunications Security Act, this role directly contributes to protecting BT’s customers, reputation and national services by building, running and maintaining the privileged access and identity services that engineers rely on to safely operate and change the network. The work has real world impact, supporting 24/7 live operations and ensuring that critical services remain secure, available and trustworthy.

This role is hybrid (3 days in office) & can be based in 1 of the following sites: Birmingham, Belfast, Bristol, Glasgow, London, Manchester, Sheffield

What you’ll be doing

• Design, build, automate and operate TSA aligned Privileged Access Workstations, Privilege Access Management and Identity Access Management platforms supporting the live network and critical applications. 
  
• Ensure platforms are secure, resilient and highly available, meeting agreed service levels and supporting 24/7 operations.
  
• Embed security controls by design, translating TSA and BT security requirements into implemented, testable technical controls. 
  
• Monitor, maintain and continuously improve platform reliability, performance and security posture. 
  
• Assess and manage security risk and control maturity, using threat modelling, security assessments, and resilience testing to inform design and investment decisions. 
  
• Respond to incidents and service issues, participating in an on-call rota to support PAW, PAM and IAM services in live operation. 
  
• Work closely with architecture, service and operations teams to deliver compliant, and operable secure access solutions. 
  
• Produce and maintain technical documentation and compliance evidence to support TSA assurance and audit activities.
  
• Potential line management opportunities but not essential to have experience in it

Skills Required for the Role

• Hands on engineering experience designing, building, automating, hardening as well as operating secure access and identity services for live, business critical environments.
• Comfortable making mistakes, learning from them, fixing them, and moving on.
• Experience producing clear technical documentation and compliance evidence to support audit and assurances activities.
• Understanding of identity, authentication, authorisation and/or privileged access concepts within enterprise and network centric environments. 
• Confidence working across Windows and Linux platforms, directory services, networking and secure remote access technologies. 
• Ability to operate calmly under pressure, troubleshoot complex technical issues and restore service safely on live systems. 
• Strong collaboration skills. 
• A proactive approach to learning, continuously developing technical depth across security technologies. 
• Clear and effective communication skills, able to explain technical issues, risks and decisions to a range of stakeholders.

Experience Required for the Role

• Knowledge of any of the below is advantageous:
• • Windows/Linux server ecosystem.
  • PKI.
  • Identity Access Management.
  • Firewalls/ VPN / ZTNA.
  • Proxy servers.
  • Privileged Access Management.
  • PowerShell scripting and Ansible. 
• Technical design, build and delivery.
• Writing security operating procedures.
• Security control integration.
• Security hardening & hygiene.
• Working in regulated environment 
• 24/7 technical operations.

Benefits

• On target 10% on target bonus​
• BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%​
• From January 2025, equal family leave:  receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.​
• Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.​
• 25 days annual leave (not including bank holidays), increasing with service​
• 24/7 private virtual GP appointments for UK colleagues​
• 2 weeks carer’s leave ​
• World-class training and development opportunities​
• Option to join BT Shares Saving schemes.

About us

BT Group was the world’s first telco and our heritage in the sector is unrivalled.  As home to several of the UK’s most recognised and cherished brands – BT, EE, Openreach and Plusnet, we have always played a critical role in creating the future, and we have reached an inflection point in the transformation of our business. 
 
Over the next two years, we will complete the UK’s largest and most successful digital infrastructure project – connecting more than 25 million premises to full fibre broadband.  Together with our heavy investment in 5G, we play a central role in revolutionising how people connect with each other. 
 
While we are through the most capital-intensive phase of our fibre investment, meaning we can reward our shareholders for their commitment and patience, we are absolutely focused on how we organise ourselves in the best way to serve our customers in the years to come.  This includes radical simplification of systems, structures, and processes on a huge scale. Together with our application of AI and technology, we are on a path to creating the UK’s best telco, reimagining the customer experience and relationship with one of this country’s biggest infrastructure companies.  
 
Change on the scale we will all experience in the coming years is unprecedented.  BT Group is committed to being the driving force behind improving connectivity for millions and there has never been a more exciting time to join a company and leadership team with the skills, experience, creativity, and passion to take this company into a new era.

A FEW POINTS TO NOTE:

Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.

We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us.

DON'T MEET EVERY SINGLE REQUIREMENT?

Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.