Lightsource bp
Lightsource bp is a global solar leader working with utilities, businesses, local communities and governments to help meet the demand for sustainable energy.
Job Title: Senior Cyber Security Analyst
Department: Technology & Operations | IT | Cybersecurity
Reporting to: Cyber Security Lead
Location: London
About Lightsource bp
Lightsource bp is a global leader in the development and management of solar energy projects. We are a 50:50 joint venture with bp with a mission to help drive the world’s transition to low carbon energy.
With solar set to increase tenfold in the next 20 years, we are well-positioned to capitalize on this growth. By joining the Lightsource bp team, you will ‘be the change’ on the world’s energy transition to a more sustainable future.
What You’ll do (the role)
Summary
We are looking for a dynamic, hands-on senior analyst who will be responsible for monitoring cyber risk and facilitating the remediation of identified vulnerabilities for IT systems across Lightsource bp. The ideal candidate will have extensive experience in cybersecurity, a strong understanding of threat landscapes, and the ability to mentor junior analysts. This role will leverage global resources and tools to develop business cyber maturity, with a strong focus on the Microsoft security stack.
- Continually monitor the organization’s security systems and related infrastructure for signs of compromise
- Proactively make use of available toolsets such as Azure Sentinel, Defender XDR, Cisco Secure Access, Purview and Tenable to hunt for issues, using threat intelligence relevant to the organisation
- Assess new threats to the business, seeking to optimise existing technology to better counter the issues identified
- Identify vulnerabilities in our systems and applications, working alongside Infrastructure, Digital Workplace and Support teams to proactively patch and remediate in a timely manner
- Working via Cyber Security Managers, communicate to stakeholders around the business and provide timely updates during an investigation.
- Ensure all security events are investigated and documented to completion
- Support the development and enforcement of cloud security policies, standards and procedures. Ensure alignment with industry standards (e.g., NIST, CIS), regulations, and best practices.
- Managing the core SecOps tooling platforms, ensuring they are correctly configured and maximizing security value from existing investments
- Understand the key risks the organisation faces, the key tactics techniques and procedures that likely threat actors will use and create mitigation options to overcome them.
- Designing, producing and maintaining high quality configuration documentation for all technologies in your area of responsibility
- Generate reports for both technical and non-technical staff and stakeholders
- Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
Who we’re looking for
Knowledge
- EDR – Defender for Endpoint, Defender for IoT and Crowdstrike
- Data Governance – Purview
- IDAM - Entra
- Device Management - working understanding of Intune including MDM/MAM
- Networking/Firewalls – exposure to Cisco FirePower and Cisco Meraki desirable
- Good understanding of ISO27001 and Cyber Essentials Plus requirements required
- Knowledge of NIST Cyber Security Framework required
- Knowledge of NERC CIP and/or SOCI standards desirable
- Knowledge of IEC 62443 OT standard desirable
- ITIL Knowledge - Good understanding of ITIL principles and their application required
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Azure Security Engineer (AZ-500), Certified Cyber Professional (CCP), Certified Information Systems Security Professional (CISSP), CompTIA Security+, GCIA, GCIH
Experience
- Extensive experience in managing and utilizing Azure Sentinel, Defender XDR, Defender for Cloud Apps and Defender for Cloud/EASM
- At least five years’ experience in security incident handling and security incident response
- Demonstratable experience of working in an Azure focused cloud environment.
- Proven experience of understanding and responding to cyber threats
- Expertise in information security technologies: Firewalls, intrusion detection, vulnerability assessment tools, logging solutions, gateway security products, end-point security products, authentication mechanisms, etc.
- Experience of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks.
- OT Cyber Security experience is desirable but not required
- Experience in stakeholder management and engagement to C-Suite level.
- Experience working for Critical National Infrastructure (CNI) Organisations
What challenges can you expect in this role?
- Required to interface with multiple business areas
- Global focus with an expanding workforce, technology stack and small team of talented individuals geographically spread
- Continued convergence of IT and OT worlds, creating new challenges in security
- Growing requirement to understand different regulations worldwide and how they impact on cyber security demands.
Why you’ll make a great member of the team
- Enjoys being the subject matter expert (SME) and being proactive in pushing improvement opportunities, ability to interact with multiple functions and teams worldwide
- A genuine enthusiasm and passion for Cyber Security
- Ability to deal calmly with pressurized situations
- Enjoys the challenge of working for an exciting fast-paced organization that is truly global in scope
- Identifies with our core values
Why you’ll want to work for us
Our company is a place where you can be yourself and grow; a place where your ideas and opinions matter.
We pride ourselves on being an inclusive community, where every individual is valued and treated with respect.
Our culture is driven by our core values. From operating safely to ensuring our solar projects are responsible and promote biodiversity.
Alongside a competitive salary, we offer a variety of benefits including annual bonus, retention bank, health insurance, pension and other local benefits.
Beyond your day-to-day working life at Lightsource bp, there’s a variety of initiatives that will contribute to your own personal development. Initiatives to get involved with including our charitable causes, supporting our solar honey project or our net-zero by 2025 campaign.
Our Core Values
Lightsource bp truly cares about creating a sustainable future through safe, responsible and meaningful low carbon energy projects. Our core values of Safety, Integrity, Respect, Sustainability and Drive are the guiding principles for everything we do.