Cyber SOC Analyst; 1st line

Position: Cyber SOC Analyst (1st line)
# Cyber SOC Analyst (1st line)
Job Req  Date: 13 Jan 2026

Function:
Cyber Security Unit:
Networks

Location:

Assembly, Bristol, United Kingdom Salary:
Competitive with Great Benefits##
** Why this job matters
** BT Group’s brand, reputation and ability to serve its customers and grow its business is founded on a strong security posture and ability to defend against harm and minimise risk. You are responsible for the implementation and operational delivery of an intelligence led Security Operations Centre (virtual) as defined by the Cyber Security Strategy that will defend BT globally from Cyber adversaries.

You will be apart of our 1st line operations who act as first point of contact in to Cyber Operations for internal and external stakeholders. Working with specialists across the Cyber SOC areas  which cover PBT Threat Hunting, Security Incident Response, Cyber Discovery, Cyber Forensics & Investigations & Cyber Intelligence. You will be involved in maintaining a capability that will leverage tools, data and our ‘ringside seat’ to proactively find threats and vulnerabilities within BTs networks and endpoints focused around a specific set of MITRE TTP’s.
** This role follows continental shift pattern & is based in Bristol**##
** What you’ll be doing
*** Part of the reactive 1st line team triaging security events and effectively managing Cyber Security issues.
* Monitor, analyse and defend against malicious or unusual activity that could be indicative of a security incident or compromise.
* Support the wider SOC team’s goal is to detect, analyse, investigate and respond to cybersecurity incidents using a combination of cutting-edge technology and a strong set of processes.
* Proactively triaging Intelligence and collaborating with the intelligence domain for reports and tippers.
* Contribute to continual improvement of BT's capability to operationally exploit tools and data to better Protect BT, its business and reputation.
* To support and maintain the ISO
27001 certificate for the SOC that is in scope of the BT Business Support certificate
* Responsible for working as part of the 24x7 Security Operation Centre (SOC) environment, covering 12 hr shifts both day and night shifts.
* Within night shift, accountable for triaging, investigating and carrying out containment actions to defend BT group accordingly.
* Carrying out correct prioritisation of risk and initiation the call out escalation process where required.##
** Skills Required for the Role
*** A genuine enthusiasm and drive to work within Cyber Security
* Ability to multi-task, prioritize, and manage time effectively
* Calm & Decisive under pressure: effective at driving calm and effective response to cyber security issues
* Communication, Visual & Written skills:
Very strong communication, visual & written skills, Proficient in Microsoft Office Applications
* Drive to learn: ability to learn while on the job and upskill with intense training pathways to be proficient in various security tooling.
* Influencing skills:
Ability to persuade, influence and motivate others, with the right sense of urgency, without having formal authority.
* Building External Relationships: partner relationships with other SOCs (peers, customers and vendors) and National Cyber Security Centre operations
* Basic understanding of security methodologies and processes, and/ or networking knowledge.
* knowledge of current real world cyber-attacks and impacts and how this could relate to BT Group.
* Understanding of Mitre ATT&CK Framework TTP’s
* Familiarisation with legal frameworks and relevant BT policies governing specialist cyber investigation techniques and evidential standards, understanding how to seek appropriate advice.
* Security Clearance: ability to obtain and maintain SC may be needed in the future.##
** Experience Required for the Role
*** Understanding of current Cyber Security threats to our industry & motivation to protect BT from malicious adversaries.
* Experience working within a team
* Experience working within a IT/Network/SOC environment (not essential)
* Knowledge of MITRE ATT&CK and its importance
* Understanding of current Cyber Security threats to our industry
*…