SIEM Software Engineering Lead

Overview

Recruiter:
Mia James

Career Grade: D

Internal Closing Date: 26th Sept 2025

Why this job matters

The new Network SIEM is essential to BT's network security, meeting TSA requirements and improving our CAF level. Being the SIEM Dev Ops with Sys Ops Software Engineer you will play a critical role in designing, developing, implementing, and maintaining our strategic SIEM platform as part of the Security Engineering platform team, leading the implementation of the SIEM Automation strategy and providing guidance and oversight of the SIEM Platform Automation team.

This role is hybrid (3 days in the week) and can be based in one of the following offices:
Birmingham, Manchester, Ipswich (Ipswich only applicable to existing BT employees)

• Kubernetes Dev Ops/Sys Ops Engineering role managing Kubernetes clusters and container orchestration, automating deployment, scaling, and management of containerized applications.
• Implement best practices for Kubernetes configuration and security.
• Configuration, deployment and maintenance of Elastic Stack on Kubernetes (ECK)
• Work with log Collection Tools and Technologies (Beats, Elastic Agent, Logstash), syslog and other data collection protocols
• Dev Ops/Sys Ops Engineering collaborating with cross-functional teams (development, operations, and QA) to streamline software delivery and automating deployment pipelines using CI/CD tools
• Troubleshoot issues along the CI/CD pipeline
• Technical leadership working in a high performing team of engineers delivering state of the art security tools for BT.
• Be an active member of the SIEM/CDP log onboarding team, delivering SIEM/CDP functionality in line with the requirements.
• Act as product owner, breaking down top level requirements into product backlogs as part of quarterly/sprint planning
• Lead on several complex technical deliverables ensuring work is completed on time and within budget
• To continually develop professional cyber skills and awareness, to always remain ahead of our attackers, and develop the skills of others in the unit
• To own / provide input into development and implementation of operational, processes policies and procedures, including platform and Sec Ops processes.
• Proactively drive forward continuous improvement within the team
• To be/become a recognized expert in at least one Cyber technology
• Interface with program and project managers to ensure appropriate security architecture engagement as necessary.
• Provide effective technology coaching and mentoring both inside and outside the team.
• Growth mindset and a desire to learn, teach, and improve skills.
• Previous ownership of mission-critical shared infrastructure

Essential:

• End-to-End Solution Delivery:
  Expertise in taking ownership of a requirement from start to finish, including gathering detailed requirements, designing, and implementing robust, innovative solutions.
• Experience with containerization technology and orchestration platforms e.g. Docker, Kubernetes
• Hands-on experience in installing, configuring, operating, and monitoring CI/CD pipeline tools
• Experience in Python, JavaScript, Golang.
• Vast working experience on Gitlab CI or Git Hub Actions
• Experience in monitoring tools as Grafana, ELK
• Experience in Agile software development systems and JIRA Tools.
• Understanding IT, network services and security
• Ability to collaborate effectively with others to drive forward key security objectives
• Strong communication skills including presentation and documentation writing (to both technical and business audiences)
• An aptitude for autonomous learning as required by the demands of the business
• Proven problem-solving abilities
• Assertiveness, and the ability to drive through change
• Excellent team working skills including the ability to work effectively within a geographically disparate team

Advantageous:

• SIEM Experience with Elastic Stack (ELK)
• Knowledge of ArgoCD, Terraform
• Knowledge CI/CD tools Ansible, Circle CI, Jenkins, Parker, Terraform
• Knowledge of Offensive testing frameworks
• Message processing using Kafka, Rabbit MQ
• Knowledge of Linux, Windows and Network Administration
• Knowledge and experience of cloud services (public or private), Open Stack and K8S
• Dev Ops qualifications
• Knowledge of Telecoms Security Act (TSA)
• Knowledge of architectural concepts such as microservices, service mesh.
• Strong knowledge of security policy/regulatory frameworks

• Bachelor's/Master's degree in Computer Science, Information Systems, Engineering, or other related fields
• 5+ years experience in a Dev Ops Role demonstrating ownership of a critical platform
• Experience leading a Dev Ops squad proving oversight and leadership for the members.

• On target 10% on target bonus
• BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
• From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It's for all parents, no matter how your family is made up.
• Enhanced women's health support:…