Security Engineer Specialist

BT Group's ability to operate and protect the UK's national telecommunications infrastructure depends on strong, reliable and well governed privileged access controls. This role is critical to ensuring that access to live network applications is secure, auditable and resilient, reducing the risk of service disruption, cyber compromise and regulatory noncompliance. Operating within the requirements of the Telecommunications Security Act, this role directly contributes to protecting BT's customers, reputation and national services by building, running and maintaining the privileged access and identity services that engineers rely on to safely operate and change the network. The work has real world impact, supporting 24/7 live operations and ensuring that critical services remain secure, available and trustworthy.

This role is hybrid (3 days in office) & can be based in 1 of the following sites: Birmingham, Belfast, Bristol, Glasgow, London, Manchester, Sheffield

What you'll be doing

• Design, build, automate and operate TSA aligned Privileged Access Workstations, Privilege Access Management and Identity Access Management platforms supporting the live network and critical applications.
• Ensure platforms are secure, resilient and highly available, meeting agreed service levels and supporting 24/7 operations.
• Embed security controls by design, translating TSA and BT security requirements into implemented, testable technical controls.
• Monitor, maintain and continuously improve platform reliability, performance and security posture.
• Assess and manage security risk and control maturity, using threat modelling, security assessments, and resilience testing to inform design and investment decisions.
• Respond to incidents and service issues, participating in an on-call rota to support PAW, PAM and IAM services in live operation.
• Work closely with architecture, service and operations teams to deliver compliant, and operable secure access solutions.
• Produce and maintain technical documentation and compliance evidence to support TSA assurance and audit activities.
• Potential line management opportunities but not essential to have experience in it, + Windows/Linux server ecosystem.

• PKI.
• Identity Access Management.
• Firewalls/ VPN / ZTNA.
• Proxy servers.
• Privileged Access Management.
• PowerShell scripting and Ansible.

• Technical design, build and delivery.
• Writing security operating procedures.
• Security control integration.
• Security hardening & hygiene.
• Working in regulated environment
• 24/7 technical operations.

• Hands on engineering experience designing, building, automating, hardening as well as operating secure access and identity services for live, business critical environments.
• Comfortable making mistakes, learning from them, fixing them, and moving on.
• Experience producing clear technical documentation and compliance evidence to support audit and assurances activities.
• Understanding of identity, authentication, authorisation and/or privileged access concepts within enterprise and network centric environments.
• Confidence working across Windows and Linux platforms, directory services, networking and secure remote access technologies.
• Ability to operate calmly under pressure, troubleshoot complex technical issues and restore service safely on live systems.
• Strong collaboration skills.
• A proactive approach to learning, continuously developing technical depth across security technologies.
• Clear and effective communication skills, able to explain technical issues, risks and decisions to a range of stakeholders.

• On target 10% on target bonus
• BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
• From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It's for all parents, no matter how your family is made up.
• Enhanced women's health support: including help with menopause symptoms, cancer screenings, period care and more.
• 25 days annual leave (not including bank holidays), increasing with service
• 24/7 private virtual GP appointments for UK colleagues
• 2 weeks carer's leave
• World-class training and development opportunities
• Option to join BT Shares Saving schemes.