Security Engineer Lead

BT Group's ability to operate and protect the UK's national telecommunications infrastructure depends on strong, reliable and well governed privileged access controls. This role is critical to ensuring that access to live network applications is secure, auditable and resilient, reducing the risk of service disruption, cyber compromise and regulatory noncompliance. Operating within the requirements of the Telecommunications Security Act, this role directly contributes to protecting BT's customers, reputation and national services by building, running and maintaining the privileged access and identity services that engineers rely on to safely operate and change the network. The work has real world impact, supporting 24/7 live operations and ensuring that critical services remain secure, available and trustworthy.

This role is hybrid (3 days in office) & can be based in 1 of the following sites: Birmingham, Belfast, Bristol, Glasgow, London, Manchester, Sheffield

What you'll be doing

• Own the technical direction, delivery and operation of Privilege Access Workstations, Privilege Access Management and Identity Access Management platforms to deliver secure access to business critical TSA environments.
• Translate TSA and BT security requirements into implemented, auditable technical controls, embedding security by design.
• Lead threat modelling, security assessments and resilience testing to inform platform design and investment decisions.
• Ensure platforms are secure, resilient, highly available and operable, meeting agreed service levels.
• Provide authoritative security engineering leadership to architecture, service and operations teams.
• Own compliance, documentation and assurance evidence to support TSA audits and reviews.
• Lead incident response and recovery for PAW, PAM and IAM services, including on call escalation where required.
• Line manage and develop security engineers, setting standards, building capability and driving accountability.
• Drive continuous improvement across security engineering practices, automation and tooling.

• Strong experience leading the design and operation of PAW, PAM and/or IAM platforms in complex, live environments.
• Deep understanding of identity, authentication, authorisation and privileged access technologies.
• Proven ability to embed security controls by design and manage security risk pragmatically.
• Hands on background across Windows, Linux, identity services, networking and secure access technologies.
• Experience operating in 24/7 production environments, managing incidents and restoring service safely.
• Ability to clearly communicate technical risk, decisions and trade offs to senior stakeholders.
• Demonstrated people leadership, including coaching engineers and growing technical capability.
• Strong documentation skills, producing design artefacts and compliance evidence suitable for audit.

Experience Required for the Role

• Team leadership experience.
• Knowledge of any of the below is advantageous:

• Windows/Linux server ecosystem.
• PKI.
• Identity Access Management.
• Firewalls/ VPN / ZTNA.
• Proxy servers.
• Privileged Access.
• PowerShell scripting and Ansible.

• Technical delivery and operations.
• Security control integration, hardening & hygiene.
• Working in regulated environment
• 24/7 technical operations.

• On target 15% on target bonus
• Health Care
• Car Allowance
• BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
• From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It's for all parents, no matter how your family is made up.
• Enhanced women's health support: including help with menopause symptoms, cancer screenings, period care and more.
• 25 days annual leave (not including bank holidays), increasing with service
• 24/7 private virtual GP appointments for UK colleagues
• 2 weeks carer's leave
• World-class training and development opportunitiesOption to join BT Shares Saving schemes.