You are Required to have
Your Accountabilities Team
- Experience with attacker tactics, techniques and procedures (TTP's)
- Knowledge of both Windows and Linux operating systems in regard to host-based forensics and analysis
- Knowledge of cloud platforms such as AWS and Azure
- Experience with many different types of log sources such as firewall, web and database to identify evidence, trends, patterns and artifacts of anomolous activity
- Understand network communications and protocols
- Ability to communicate effectively and document investigative findings in a clear and concise manner
: You will lead and coordinate the response to digital security incidents through the initial triage phase and provide support to business and IT teams as they work to close identified gaps. This involves ensuring that threats are contained in a timely way to minimize the risk to BP's information assets, data and services. You will also participate in post-incident reviews assessing the effectiveness of controls, monitoring and responses to maximize lessons learnt and improve BP's cyber resilience. Relationships
: You will build and maintain close working relationships with the segment Heads of Digital Security, Information Security Officers, Intelligence, Security & Crisis Management, Business Integrity, Group Communications, etc. and key strategic suppliers whose support and knowledge are vital in delivering the remediation of security events and incidents.Security
: You will enhance the design, documentation, and implementation of incident response processes, procedures, guidelines, and solutions. You will maintain a strong awareness of technology, emerging cyber threats and industry best practice to enhance incident response.Safety and Compliance
: The safety of our people and customers is our highest priority. We will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security. Essential Education
Essential Experience and Job Requirements
- You'll have a degree or technical certification (SANS, Cyber Security, CISSP)
- Alternatively, you could have at least 3 years' direct working experience
- You will have significant relevant experience in an cybersecurity, with a focus specialization in digital forensics and response
- You will have advanced technical knowledge and experience of delivering security solutions. This includes providing technical advice and overseeing security processes
To reimagine energy for people and our planet. We want to help the world reach net zero and improve people's lives. We will aim to dramatically reduce carbon in our operations and in our production, and grow new low carbon businesses, products and services. We will advocate for fundamental and rapid progress and strive to be a leader in transparency.
Join us in creating, growing, and delivering innovation at pace, enabling us to thrive while transitioning to a net zero world. All without compromising our operational risk management. The Role
Do you have the desire to work in highly technical and fast paced environment to identify, investigate and defend against top tier cyber threat actors? Do you want every workday to be different? The bp Cyber Emergency Response Team (bp-CERT) is a global team comprised of incident responders and forensic experts in London, Houston and Singapore. bp-CERT sits within the Counter Threat & Intelligence Unit (CT&I) within Digital Security. bp-CERT's primary mission is to respond to digital security incidents globally, conduct forensics, conduct advanced threat hunting and support insider threat investigations.
As a Forensic and Incident Response Lead, you will be responsible for being the primary responder on a variety of digital security incidents. bp has a OneTeam approach, so you'll be supported by your colleagues across the globe. You will have a variety of sophisticated tools, log sources and intelligence at your disposal to investigate these high-profile cyber incidents.
You will need the leadership mentality to influence people, direct and coordinate discussions to quickly identify risks and impact in fast-paced demanding situations.
Core role responsibilities include:
- Work across SOC, Cyber Threat Intelligence, Red Team, Engineering Team and others to bring together a holistic view of incidents
- Conduct investigations on high-priority incidents to include functions such as host (disk and memory) forensics, network forensics and log analysis
- Conduct advanced threat hunting by using threat intelligence and the MITRE ATT&CK framework to proactively identify suspicious activity in the environment
- Support insider threat investigations through the use of innovative techniques and use cases
- When not actively responding to incidents, other key items within the role include: development of documentation and processes such as playbooks, refining your skills through training opportunities and identifying and enhancing the capabilities of the team by developing opportunities for automation (i.e. custom scripts and tool integration)
If you are selected for a position in the United States, your employment will be contingent upon submission to and successful completion of a post-offer/pre-placement drug test(and alcohol screening/medical examination if required by the role) as well as pre-placement verification of the information and qualifications provided during the selection process. The drug screen requires a hair test for which BP must be able to obtain a sufficient hair sample for analysis (~4 cm/1 ½" scalp, or > 2 cm/¾" body - arms & armpits/legs/chest)
As part of our dedication to the diversity of our workforce, BP is committed to Equal Employment Opportunity. Applicants will receive consideration for employment without regard for race, color, gender, religion, national origin, disability, veteran status, military status, age, marital status, sexual orientation, gender identity, genetic information or any other protected group status. We are also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us or have one of your representatives contact us at BPUSApplicationAssis@bp.com
; or by telephone at 281.366.1999.
Read the Equal Employment Opportunity is the Law poster
and the poster supplement
- for more information about Equal Employment Opportunities. (Spanish version
BP is an equal employment opportunity and affirmative action employer. View our policy statement