Cyber Security Incident Response Team (CSIRT) Analyst

Cyber Security Incident Response Team (CSIRT) Analyst

The Cyber Security Incident Response Team (CSIRT) sits within Cyber Defence and responds to a wide range of digital security incidents globally to protect bp. The CSIRT currently operates from several bp hub locations, including the US (Houston, Texas); the UK (London/Sunbury); and Malaysia (Kuala Lumpur); with resources in Pune, India and Singapore as well.

The Security Operations Center (SOC) raises incidents as needed to the CSIRT. The CSIRT conducts longer term investigations through the utilization of digital forensics, other sophisticated techniques and through partnerships across bp. The candidate must be knowledgeable about the various business segments and be able to answer, or direct to others, security-related questions covering vast topics!

You will work as part of the global workforce to provide security across the enterprise that enables business activity and promotes safe and secure operations.

Key accountabilities

• Support the bp SOC as an escalation point for incidents.
• Conduct digital forensic investigations on high-priority incidents to include functions such as host (disk and memory) forensics, network forensics and log analysis.
• Work across Digital Security and the bp business functions to partner on incidents and to ensure all appropriate actions are being actioned and communicated.
• Conduct sophisticated threat hunting by using threat intelligence and the MITRE ATT&CK framework to proactively identify suspicious activity in the environment.
• Ensure data accuracy within the case management system and others.
• When not actively responding to incidents, other key responsibilities within the role include development of documentation and processes such as playbooks, refining your skills through training opportunities and identifying and improving the capabilities of the team by developing opportunities for automation (i.e., custom scripts and tool integration).

Essential experience and job requirements:

• Bachelor's degree (e.g., Information Security, Network Security, Information Assurance, Information Technology, Computer Science) or equivalent experience and/or qualifications.
• COMPTIA Security+ / CYSA+ CASP+, SANS Certification GSOC; GCIH; GCFA; GCFE; GCFR, CISSP Certification and accreditation, Certified Ethical Hacker - CEH, Cisco Certifications (CCNA or similar) or similar/higher certifications.
• Experience with attacker tactics, techniques and procedures (TTP’s).
• Knowledge of both Windows and Linux operating systems to conduct host-based forensics and analysis as well as cloud platforms such as AWS and Azure.
• Experience with many various types of log sources such as firewall, web and database to identify anomalous activity.
• Understand network communications and protocols with knowledge of SIEM, EDR and other core cyber toolsets.
• Sound technical knowledge of security as applied to IT/OT networks, systems, and applications with ability to communicate effectively and detail investigative findings in a clear and concise manner.

Leadership and EQ

• You embrace a culture of change and agility, evolving continuously, adapting to our changing world.
• You are an effective teammate, looking beyond your own area/organizational boundaries to consider the bigger picture and/or perspective of others, while understanding cultural differences.
• You continually improve your self-awareness and seek input from others on your impact and efficiency.
• Well organized, you balance proactive and reactive approaches and multiple priorities to complete tasks on time.
• You apply judgment and common sense – you use insight and good judgment to advise actions and respond to situations as they arise.
• You align with BP's Code of Conduct and demonstrate strong leadership through BP's Leadership Expectations and Values & Behaviours.

What we offer:

It’s crucial to us that the differences we see in the world around us are reflected in our workplace. Who you are is what counts, not where you’re from or how you live your life. At bp, we support our people to learn and grow in a diverse and exciting environment. We believe that our team is strengthened by diversity. We are committed to encouraging an inclusive environment in which everyone is respected and treated fairly. There are many aspects of our employees’ lives that are meaningful, so we offer benefits to enable your work to fit with your life. These benefits include:

• Generous salary package including an annual bonus program and individual performance-based incentives with additional EPF contributions totaling 15%.
• Excellent work-life balance & flexible working arrangements.
• Collaborative environment that celebrates achievements, diversity, and culture!
• Ongoing career development and progression opportunities in a global organization.
• 16 weeks paid parental leave (4 weeks partner leave).

Travel Requirement:

Up to 10% travel should be expected with this role.

Relocation Assistance:

This role is not eligible for relocation.

Remote Type:

This position is a hybrid of office/remote working.

Skills:

Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism.

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.