Where you fit in
The Cyber Threat Prevention Lead will be an integral member of our in-house IDSO CRO Cyber Security Team and will have the opportunity to work on cutting-edge solutions to protect our organization's critical assets. This is an individual contributor role reporting to the Vulnerability Lead. If you are a highly skilled cyber-security professional with strong developer/scripting background and a passion for constant innovation and improvement on cyber, we encourage you to apply.What's the role?
As part of the CyberDefence capability, the Vulnerability team has the following main areas of focus:
What we need from you
- Design, develop, implement and maintain cyber security vulnerability management solutions, e.g. CyberDefence's End-to-End Asset Inventory
- Develop custom scripts and tools to automate vulnerability scanning and remediation processes, including analysis of risk and scripts aiming detection of 0day vulnerabilities
- Provide technical leadership and guidance to a team of developers, engineers and analysts
- Manage and prioritize workload for the team to ensure timely completion of projects
- Act as a reputed and respected Product Owner for part of the portfolio projects of the team
- Act as a reputed and respected IC for Risk Rating assessment by determining real risk of a given vulnerability for Shell, e.g. on all Microsoft Patch Tuesday CVEs, other vendors' CVEs and Zero-days
- Perform vulnerability assessments and develop reports to communicate findings to senior management, often scripted and automated - e.g. in Splunk Processing Language, Kusto Query Language or alike
- Collaborate with leadership skills with cross-functional teams to ensure the successful implementation of security solutions - e.g. Portfolio team, Strategy team, Leadership team, Software Engineering team
- Develop and maintain documentation on cyber security solutions and processes
- Act as a coach and leader for other ICs on the team
- Advanced knowledge of Splunk, including experience with the Splunk Search Processing Language (SPL) and Splunk Enterprise Security. Alternatively, strong knowledge of Databricks and/or Microsoft Kusto is required
- Experience with vulnerability management tools such as Nessus, Qualys, or Rapid7; including implementation at scale on complex environment of both remote scanning and agent-based scanning
- Experience with cloud security solutions such as AWS Security Hub, Microsoft Defender suite, or Google Cloud Security Command Center; Wiz, Shodan, CrowdStrike, FireEyeHX, CarbonBlack, etc.
- Strong understanding of security principles and best practices, including OWASP Top 10, CIS Controls, OSI layer, OPSEC techniques
- Ability to effectively communicate technical concepts to both technical and non-technical stakeholders
- Excellent problem-solving and analytical skills, e.g. automate complex reports, develop and automate execution of vulnerability testing scripts against 10.000+ devices
- Experience leading a team of developers, analysts and engineers. Good at story prioritization.
- Skilled at ESSA concept
- Bachelor's degree in Computer Science, Cyber Security, Math, or related field
- Extensive experience in IT and Substantial experience in Cyber Security
- Experience with container security solutions such as Docker Security Scanning or Kubernetes Security
- Experience with Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, Azure DevOps CI/CD, github Actions, git code version control
- Experience with identity and access management solutions such as Okta, Azure Active Directory, or AWS Identity and Access Management (IAM)
- Experience with passive vulnerability scanning solutions for OT domain
- Experience with ServiceNow SecOps VR module
- Requirement to have one or more of the following certifications: CISSP, CISM, CCSP, AWS Certified Security
- Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, Azure Certified Architect Expert, AWS Certified Architect Expert level, OSCP, or any other cyber-security specialty certification
- Desired to have at least one of these certifications: Splunk Certified Power User, Splunk Certified Administrator, Splunk Certified Architect, Cyber Security Master degree, Azure Cybersecurity Architect Expert, or similar Expert-level certification on a cyber-security or software development area
- Appetite to maintain over time and acquire more cyber-security 'specialty' certifications, like vendor-based certifications (e.g. ServiceNow VR, Rapid7, Wiz, Splunk, Microsoft, etc)
Shell Nederland BV is a platform for international collaboration, with Shell offering direct employment to around ten thousand people in the Netherlands alone, including roughly 2,800 non-Dutch employees from around 80 countries. Diversity is key at Shell Nederland, and our employees reflect the innovation that stems from a diverse workforce. By joining Shell Nederland, you will benefit from an unrivalled industry-leading development programme that will see you tap into a pool of expert knowledge that will help propel your career. Shell Nederland is the holding company of most Shell companies operating in the Netherlands. Shell Nederland also has an advisory and coordinating role in numerous areas.An innovative place to work
There's never been a more exciting time to work at Shell.
Join us and you'll be adding your talent and imagination to a business with the ambition to shape the future - whether by investing in oil, gas and renewable energy to meet demand, exploring new ways to store energy, or developing technology that helps the world to use energy more efficiently, everyone at Shell does their part.An inclusive place to work
To power progress, we need to attract and develop the brightest minds and make sure every voice is heard. Here are just some of the ways we are nurturing an inclusive environment - one where you can express your ideas, extend your skills, and reach your potential.
A rewarding place to work
- We're creating a space where people with disabilities can excel through transparent recruitment process, workplace adjustments and ongoing support in their roles. Feel free to let us know about your circumstances when you apply, and we'll take it from there.
- We're closing the gender gap - whether that's through action on equal pay or by enabling more women to reach senior roles in engineering and technology.
- We're striving to be a pioneer of an inclusive and diverse workplace, promoting equality for employees regardless of sexual orientation or gender identity.
- We consider ourselves a flexible employer and want to support you finding the right balance. We encourage you to discuss this with us in your application.
Combine our creative, collaborative environment and global operations with an impressive range of benefits and joining Shell becomes an inspired career choice.
We're huge advocates for career development. We'll encourage you to try new roles and experience new settings. By pushing people to reach their potential, we frequently help them find skills they never knew they had, or make career moves they never thought possible.