Cyber Security Incident Response (CSIRT) Specialist
Entity: Technology Job Family Group: IT&S Group Job Description: About us Our purpose is to bring together people, energy and markets to power and navigate a changing world. In a time of constant change and possibility we need new talent to pursue commercial opportunities, fueled by world-class insight and expertise. We're always striving for more innovative digital solutions, sustainable outcomes and closer collaboration across our company and beyond, and you could be part of that too. Together we continue to grow as the world's leading energy company! The Cyber Security Incident Response Team (CSIRT), part of Counter Threat & Engineering (CT&E), responds to digital security threats and incidents globally from bp hubs in Houston, Sunbury, Kuala Lumpur, Pune, and Singapore. The Security Operations Center (SOC) escalates incidents to CSIRT, which conducts long-term investigations using digital forensics, advanced techniques, and collaborating across bp. Team members must understand bp's business segments and address a broad range of security-related questions. You will help ensure enterprise security, enabling safe and secure business operations as part of this global team. Key Accountabilities:
- Support the bp SOC as an escalation point for security events and incidents.
- Conduct digital forensic investigations on high-priority incidents to include functions such as host (disk and memory) forensics, network forensics and log analysis.
- Work across Digital Security and the bp business functions to partner on incidents and to ensure all appropriate actions are being actioned and communicated
- Conduct advanced threat hunting by using threat intelligence and the MITRE ATT&CK framework to proactively identify suspicious activity in the environment.
- Ensure data accuracy within the case management system and others.
- When not actively responding to incidents, other key responsibilities within the role include development of documentation and processes such as playbooks, refining your skills through training opportunities and identifying and enhancing the capabilities of the team by developing opportunities for automation (i.e., custom scripts and tool integration)
Essential Education: Bachelor's degree (e.g., Information Security, Network Security, Information Assurance, Information Technology, Computer Science) or equivalent experience and/or qualifications. Desirible Criteria: COMPTIA Security+ / CYSA+ CASP+ SANS Certification GSOC; GCIH; GCFA; GCFE; GCFR CISSP Certification and accreditation Certified Ethical Hacker - CEH Cisco Certifications (CCNA or similar) Similar/ higher certifications Additional information: bp has embarked on an ambitious plan to modernize and transform as an integrated energy company, using digital technologies to drive efficiency, effectiveness, and new business models. The CSIRT is part of our wider CT&E team that is responsible for protecting bp against cyber threats. This post will be in Houston. This role requires 60% of the work week in our local bp offices while up to 40% can be remote. This role also requires the successful candidate be on an on-call Rota several times throughout the year. At bp, we support our people to learn and grow in a diverse and challenging environment. Why join bp: At bp, we support our people to learn and grow in a diverse and challenging environment. We believe that our team is strengthened by diversity. We are committed to encouraging an inclusive environment in which everyone is respected and treated fairly. There are many aspects of our employees' lives that are meaningful, so we offer benefits to enable your work to fit with your life. These benefits can include flexible working options, a generous paid parental leave policy, and excellent retirement benefits, among others! Travel Requirement Negligible travel should be expected with this role Relocation Assistance: This role is not eligible for relocation Remote Type: This position is a hybrid of office/remote working Skills: Consulting, incident investigation and response, Incident Management, Information Assurance, Information Security, Information security behaviour change, Risk Management, Stakeholder Management, Supplier Relationship Management, Supplier security management Legal Disclaimer: We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp's recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us. If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks. Apply tot his job Apply To this Job