Responsible for delivering information security and risk activities for the specialism, using advanced technical capabilities to: lead changes to security processes and procedures; review complex security issues; lead security solutions from identification to implementation; ensure adherence to policies, standards and best practices; and provide technical expertise to internal and external stakeholders.
Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.
Role Synopsis:
The Security Operations Centre is the face of Digital Security to the wider BP. The Lead SOC Specialist will support the BP SOC as an advanced escalation point for Analysts and Senior Analysts, conduct advanced analysis and remediation, and work closely with other Counter Threat Unit Specialists and leadership.
The post holder will be expected to have some managerial responsibilities and be able to deputise for the Head of SOC.
Key Accountabilities:
Security Monitoring & Response:
- Serve as a lead specialist and point of escalation for SOC Analysts and Senior Analysts
- Perform malware analysis using sandbox technologies or basic reverse engineering techniques for macros and scripts
- Perform advanced event and incident analysis including initial forensics when required
- Coordinate immediate triage activities as required
- Ensure that all identified events are promptly validated and thoroughly investigated
- Remain current on cyber security trends and intelligence (both open-source and commercial) in order to guide security analysis within the SOC team
- Provide oversight and guidance to SOC colleagues and fulfil SOC manager responsibilities in the absence of the SOC manager
- Support 24x7 operations on a rotating shift schedule (may include evening, overnight and public-holiday shifts)
- Manage incidents including preliminary forensic analysis or advanced support as required
- Work with the BP-CERT team to analyse, escalate and support remediation of critical incidents
- Assist with Business Integrity incidents as required
Forensics and Incident Triage:
- Collect volatile data for forensic analysis
- Assist with the deployment of Local Incident Response Kits to locations with affected systems
- Establish baseline and initial timeline for incidents
- Ensure appropriate level of analysis and documentation is completed within the SOC for escalations to CERT
- Bachelor's degree in Computer Science, Cyber Security or equivalent educational or professional experience and/or qualifications.
- CompTIA Security+ certification
- SANS GCIA or GCIH
Essential Experience and job requirements:
- CompTIA certifications
- SANS FOR610 or SANS FOR508 or SANS FOR500
The successful candidate will have gained previous SOC experience in a dedicated company SOC within a senior analytical role, with a strong ability to perform advanced event and incident analysis, including initial forensics when required. You will have performed malware analysis using sandbox technologies or basic reverse engineering techniques for macros and scripts, and be confident in incident handling, vulnerability management or testing, log analysis and intrusion detection.
Experience in the following:
- Successfully operated as a senior-level SOC analyst
- Recognised at a minimum as an IT&S expert
- Hands-on experience with SIEM technologies, IDS/IPS, network and host-based firewalls, and anti-virus solutions
- Detail oriented, with a strong desire to understand the what as well as the why and the how of security incidents
- A desire to lead a team by example, assist and mentor others
- Experience in system administration and troubleshooting of Windows and (preferably) UNIX/Linux variants
- Network operations capabilities, including demonstrable knowledge of the underlying components of routers, switches and supporting services such as DNS and DHCP, as well as proficiency in IP protocols/ports and TCP/UDP packet header and payload analysis
- Demonstrable ability to think beyond the immediate situation and use critical thinking, context and judgment in the analysis of complex data sets and events. Actions will vary but most often will require development of a course of action or response to identified threats.
- Ability to work under pressure including crisis situations while maintaining a high degree of attention to detail