Skills: IT - Programming & Database
Education: High School/Secondary
Employment Type: Full Time Salaried Employee
Location: Sunbury-on-Thames, England, United Kingdom
bp are looking for two Red Team Analysts to join us in our Sunbury offices on a permanent basis, working within our Cyber Emergency Response Team.
You'll be responsible for providing assurance by reducing the uncertainty regarding cyber detection and defence capabilities using adversarial cyber-attack & exploitation techniques. The Red Team Analyst will plan and execute engagements that test specified threat scenarios against bp's businesses and/or internal security systems. This will involve the emulation of threat actors to discover security weaknesses in people, processes and technology. The secondary tasks will also include utilizing technical expertise (up to and including system forensics), during cyber related investigations. This mission is critical to the protection of bp assets, customers, brand and shareholder value.
These will be working Monday-Friday and will involve international travel up to 20% of the year.
- Engage relevant partners to develop Red Team proposals, establish execution plans and prioritize engagement using a risk-based approach
- Execute testing utilizing the latest tactics, techniques and procedures of sophisticated adversaries
- Develop final report and presentations to debrief Information Security Officers, decision makers and various business partners
- The role is further responsible for conducting and measuring cyber readiness and defence capability testing
- Support incident investigations with forensic analysis.
- Formal education and degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same
- Proficient in system exploits (e.g. host-based controls bypass), network exploitation (e.g. scanning, evasion, MiTM, etc.), Wi-Fi hacking, mobile platform and application hacking (e.g. Android or IOS) or web application exploitation (SQL Injection, RFI, XSS, logic flaws, etc.)
- Validated experience of vulnerability assessments or penetration testing
- Superb communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external partner groups.
- Programming and/or scripting in multiple languages: Python, Java, PHP, Ruby, Perl, Bash, or similar languages
- Membership of a technical or professional body or formal certification (e.g. CISSP, C|EH, GWAPT, GIAC, OSCP).
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.