Incident Response Lead (SOC/CERT)

BP

Job title:

Incident Response Lead (SOC/CERT)

Company

BP

Job description

Entity: Innovation & Engineering

Job Family Group: IT&S Group

Job Description:

The incident response team operates 24x7x365 and has team members in London, Houston and Singapore. The IR team sits within Cyber Defense and responds to digital security incidents globally for bp. The IR team is comprised of the SOC and the CERT.

The Security Operations Center (SOC) is responsible for monitoring and responding to incidents, performing initial triage and response, and escalating serious threats to members of the Cyber Emergency Response Team (CERT) and the various business entities in bp. The CERT conducts longer-term technical investigations through digital forensics and other advanced techniques. The candidate must be knowledgeable about the business segments and be able to answer, or direct to others, security-related questions covering a wide range of topics.

This is a hybrid SOC/CERT role. As an Operational Management Lead, you will split your time between supporting the SOC and the CERT, depending on where Incident Response resources are needed. Collaborating with the Head of Incident Response, you will work as part of the global team to provide security across the enterprise that enables business activity and promotes safe and secure operations.

Key Accountabilities:

  • Support the bp SOC as an advanced escalation point for analysts and provide SOC coverage as needed.
  • Conduct digital forensic investigations on high-priority incidents, including host (disk and memory) forensics, network forensics and log analysis.
  • Conduct advanced threat hunting, using threat intelligence and the MITRE ATT&CK framework to proactively identify suspicious activity in the environment.
  • Ensure data accuracy within the SIEM, case management system and other tools.
  • When not actively responding to incidents, develop documentation and processes such as playbooks, refine your skills through training opportunities, and identify and enhance the capabilities of the team by developing opportunities for automation (i.e., custom scripts and tool integration).

Essential Education:

  • Bachelor’s degree (Information Security, Network Security, Information Assurance, Information Technology, Computer Science) or equivalent experience and/or qualifications.

Essential Experience:

  • Experience with attacker tactics, techniques and procedures (TTPs)
  • Knowledge of both Windows and Linux operating systems to conduct host-based forensics and analysis
  • Knowledge of cloud platforms such as AWS and Azure
  • Experience with many different types of log sources, such as firewall, web and database logs, to identify anomalous activity
  • Understanding of network communications and protocols
  • Knowledge of SIEM, EDR and other core cyber toolsets
  • Strong problem-solving skills as applied to technical solutions
  • Sound technical knowledge of security as applied to IT/OT networks, systems, and applications
  • Strong stakeholder management skills
  • Ability to communicate effectively and document investigative findings in a clear and concise manner

Leadership and EQ:

  • You embrace a culture of change and agility, evolving continuously and adapting to our changing world.
  • You are an effective teammate, looking beyond your own area/organizational boundaries to consider the bigger picture and/or the perspective of others, while understanding cultural differences.
  • You continually enhance your self-awareness and seek input from others on your impact and effectiveness.
  • Well organized, you balance proactive and reactive approaches and multiple priorities to complete tasks on time.
  • You apply judgment and common sense, using insight and good judgment to inform actions and respond to situations as they arise.
  • You comply with BP’s Code of Conduct and demonstrate strong leadership through BP’s Leadership Expectations and Values & Behaviours.

Desirable criteria:

  • COMPTIA Security+ / CYSA+ CASP+
  • SANS Certification GSOC; GCIH; GCFA; GCFE; GCFR
  • CISSP Certification and accreditation
  • Certified Ethical Hacker – CEH
  • Cisco Certifications (CCNA or similar)
  • Similar/ higher certifications

Additional Information:

bp has embarked on an ambitious plan to modernize and transform as an integrated energy company, using digital technologies to drive efficiency, effectiveness, and new business models. Our IR team is part of our wider Cyber Defense team, which is responsible for protecting bp against cyber threats. This post will be located at the UK offices in Sunbury. This role requires 60% of the work week in our local bp offices, while up to 40% can be remote. This role also requires the successful candidate to be on an on-call rota several times throughout the year. At bp, we support our people to learn and grow in a diverse and exciting environment.

Why Join our team?

At bp, we provide an excellent working environment and employee benefits such as an open and inclusive culture, a great work-life balance, tremendous learning and development opportunities to craft your career path, life and health insurance, a medical care package and many others. We support our people to learn and grow in a diverse and exciting environment. We believe that our team is strengthened by diversity. We are committed to crafting an inclusive environment in which everyone is respected and treated fairly. There are many aspects of our employees’ lives that are significant, so we offer benefits to enable your work to fit with your life. These benefits can include flexible working options, collaboration spaces in a modern office environment, and other benefits. Reinvent your career as you help our business meet the challenges of the future. Thinking about applying? Learn more about our amazing discretionary to help you get the most out of work and life. Apply now!

Travel Requirement

No travel is expected with this role

Relocation Assistance:

This role is not eligible for relocation

Remote Type:

This position is a hybrid of office/remote working

Skills:

Automation system digital security, Conformance review, Consulting, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with disabilities may request a reasonable accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an accommodation related to the recruitment process, please to request accommodations. If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.

Expected salary

Location

Sunbury, Surrey

Job date

Thu, 25 Apr 2024 22:33:22 GMT
