Entity:

Job Family Group:

Job Description:

You will work with

You will be working for response and management of cyber incidents, applying an intelligence-led approach for identification, mitigation, and rapid response to safeguard bp on a global scale. By applying lessons learned and data analytics, they establish engineering principles and improve the technology stack to continuously bolster bp's cybersecurity posture.

Let me tell you about the role

As an Azure Security Engineer, you will define and govern security standards and frameworks across bp’s Azure cloud environment, ensuring robust policy enforcement and continuous risk reduction. You’ll own the implementation of Azure security guardrails, posture management, and compliance monitoring using tools like Microsoft Defender products and Wiz.

This role is central to hardening Azure networks, automating security controls, and collaborating to embed security into every stage of cloud solution delivery. Your work will directly build bp’s cloud security governance and resilience.

What you will deliver

• Define and govern Azure security standards and guardrails across subscriptions, management groups, and landing zones—codified via Azure Policy/Initiatives.
• Own Azure security posture management: tune and operate controls and dashboards and Wiz for Azure; drive risk reduction with service owners through clear findings, SLAs, and automated remediation.
• Harden Azure network and perimeter: reference architectures and control baselines for NSGs/ASGs and segmentation patterns suitable for internet, partner, and private access scenarios.
• Detect, respond, and automate for Azure: detections and playbooks in Microsoft Sentinel (KQL analytics, Logic Apps automation), integration with Wiz Defend and bp’s forensic/incident processes; support to Unity reviews and develop assessments for Azure solutions.
• Measure and communicate compliance: define methods to continuously supervise alignment, publish scorecards and actionable metrics, and maintain clear documentation and mentorship for product and platform teams.

• Work with engineering teams to support the remediation and validation of vulnerability mitigations and fixes.
• Integrate security validations into continuous integration/continuous deliver (CI/CD) pipelines and develop scripts to automate security tasks.
• Maintain clear, detailed documentation of security procedures and policies, including how to embed and measure security on our cloud, infrastructure or data environments.

What you will need to be successful (experience and qualifications)

• Over three years of practical experience in Azure security engineering within large environments, including policy and guardrail develop and remediation in collaboration with delivery teams, with a comprehensive understanding of the Hub and Spoke architecture.
• Practical experience crafting, planning, productizing, maintaining and detailing reliable and scalable data, infrastructure, cloud and/or platform solutions
• Proven expertise with Microsoft Defender for Cloud (CSPM/CWPP) and a CNAPP (e.g., Wiz) to identify risks and orchestrate remediation across Azure subscriptions and landing zones
• Deep knowledge of Microsoft Entra ID (Conditional Access, MFA, PIM, Identity Protection, workload identities), Azure RBAC, and least‑privilege patterns.
• Solid grasp of network security in Azure: NSGs/ASGs, Private Link, Azure Firewall, WAF/App Gateway/Front Door, DNS/private endpoints, and Zero‑Trust segmentation patterns.
• Hands‑on with AKS security (Azure Policy for K8s, admission control, secrets, network, image provenance) and container security (Defender for Containers, ACR scanning, SBOM, signing).
• Proficiency in PowerShell and/or Python; strong Git field; ability to build reusable security templates, checks, and automations.
• Understanding of applicable frameworks and controls (NIST CSF/800‑53, ISO 27001, CIS Benchmarks) and how to map them to Azure controls and Defender regulatory compliance.
• Relevant certifications are a plus: AZ‑500, SC‑200 (Security Operations Analyst), SC‑300 (Identity and Access Administrator), SC‑100 (Cybersecurity Architect); broader credentials (e.g., CISSP/CCSP) welcome.
• Continuous learning approach; clear communicator who can create concise standards, patterns, and runbooks and influence product/platform teams without direct authority.

About bp

bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people’s lives. We are committed to creating a diverse and inclusive environment where everyone can thrive. Join bp and become part of the team building our future!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon consistency to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.

Travel Requirement

Relocation Assistance:

Remote Type:

Skills:

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.