Entity:

Technology

Job Family Group:

IT&S Group

Job Description:

Our purpose is to deliver energy to the world, today and tomorrow. For over 100 years, bp has focused on discovering, developing, and producing oil and gas in the nations where we operate. We are one of the few companies globally that can provide governments and customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner!

About the role:

The Cyber Security Incident Response Specialist would be member of CSIRT, part of Counter Threat & Engineering (CT&E) function, responding to cyber threats and security incidents globally. The team operates out of bp hubs in Houston (U.S), Sunbury (U.K), Kuala Lumpur (Malaysia), Pune (India), and Singapore. The Security Operations Center (SOC) raises incidents to CSIRT, which responds to the incidents by conducting investigations using digital forensics, advanced techniques, and collaborating across bp. Team members must understand bp’s business segments and address a broad range of security-related questions. You will help ensure enterprise security, enabling safe and secure business operations as part of this global team.

The CSIRT is part of our wider CT&E team that is responsible for protecting bp against cyber threats. This role also requires you to be on an on-call Rota few times throughout the year.

What you will deliver:

• Support the bp SOC as an escalation point for security events and incidents.

• Conduct digital forensic investigations on high-priority incidents to include functions such as host (disk and memory) forensics, network forensics and log analysis.

• Work across Digital Security and the bp business functions to partner on incidents and to ensure all appropriate actions are being taken and communicated.

• Conduct advanced threat hunting by using threat intelligence and the MITRE ATT&CK framework to proactively identify suspicious activity in the environment.

• Ensure data accuracy within the case management system and others.

• When not actively responding to incidents, other key responsibilities within the role include development of documentation and processes such as playbooks, refining your skills through training opportunities and identifying and enhancing the capabilities of the team by developing opportunities for automation (i.e., custom scripts and tool integration).

What you will need to be successful:

• Bachelor's or Master’s degree (e.g., Information Security, Cyber Security, Network Security, Information Assurance, Information Technology, Computer Science) or equivalent experience and/or qualifications.

• Experience with attacker tactics, techniques and procedures (TTP’s).

• Knowledge of both Windows and Linux operating systems to conduct host-based forensics and analysis.

• Knowledge of cloud platforms such as AWS and Azure.

• Experience with many different types of log sources such as firewall, web and database to identify anomalous activity.

• Understand network communications and protocols.

• Experience and deep knowledge of SIEM, EDR and other core cyber toolsets.

• Strong problem-solving skills as applied to technical solutions.

• Sound technical knowledge of security as applied to IT/OT networks, systems, and applications.

• Ability to communicate effectively and document investigative findings in a clear and concise manner.

Leadership and EQ

You embrace a culture of change and agility, evolving continuously, adapting to our changing world.

• You are an effective teammate, looking beyond your own area/organizational boundaries to consider the bigger picture and/or perspective of others, while understanding cultural differences.

• You continually enhance your self-awareness and seek input from others on your impact and effectiveness.

• Well organized, you balance proactive and reactive approaches and multiple priorities to complete tasks on time.

• You apply judgment and common sense – you use insight and good judgment to inform actions and respond to situations as they arise.

• You align with BP's Code of Conduct and demonstrate strong leadership through BP's Leadership Expectations and Values & Behaviours.

Desirable criteria

• COMPTIA Security+ / CYSA+ CASP+

• SANS Certification GSOC; GCIH; GCFA; GCFE; GCFR

• CISSP Certification and accreditation

• Certified Ethical Hacker – CEH

• Cisco Certifications (CCNA or similar)

Why join us?

At bp, we support our people to grow in a diverse and exciting environment. We believe that our team is strengthened by diversity.

There are many aspects of our employees’ lives that are meaningful, so we offer benefits to enable your work to fit with your life. These benefits can include flexible working options, a generous paid parental leave policy, excellent retirement benefits, among others!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Reinvent your career as you help our business meet the challenges of the future. Apply now!

Travel Requirement

No travel is expected with this role

Relocation Assistance:

This role is not eligible for relocation

Remote Type:

This position is a hybrid of office/remote working

Skills:

Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.