Entity:

Technology

Job Family Group:

IT&S Group

Job Description:

Let me tell you about the role

Working with the Head of SOC, the SOC Lead - Team Lead, with responsibility for the management and development of a designated team of SOC Analysts - will,

• Support the bp SOC as a sophisticated issue point for SOC analysts.

• Support / handle customer issues from the analyst

• Lead technical investigations for security incidents within the SOC prior to CSIRT.

• Review data accuracy in all case management, whether in SIEM or Resilient

• Drive implementation of new capabilities in coordination with other DS teams.

• Coordinate and develop, train and coach SOC colleagues in all technical and investigative methodologies and practices.

What you will deliver

Incident and Case Creation and Tracking

• Ensure that all identified events are promptly recorded, validated and thoroughly investigated

• Ensure accurate use of Use Cases

• Establish baseline and initial timeline for incidents

Security Monitoring- Detection & Response

• Serve as a lead analyst and point of escalation

• Coordinate immediate triage activities as required

• Provide oversight and guidance to analysts.

• Encourage and support automation ideas

• Ensure appropriate level of analysis and documentation is completed within the SOC for escalations to CSIRT

• Lead SOC tours

• Lead and encourage others to carry out threat hunting

• Work with SDO on tuning and delivery of new in house capability.

What you will need to be successful (experience and qualifications)

• Bachelor’s degree in Computer Science, Business Administration or equivalent educational or professional experience and/or qualifications.

• CompTIA Security + certification

• 5 years of information security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, log analysis, intrusion detection

• Successfully operated as a Senior SOC analyst for a minimum of two years

• Hands-on experience with SIEM technologies, IDS/IPS network and host based firewall technologies and anti-virus solutions

• Excellent written and oral communication skills

• Self-motivated to improve knowledge and skills

• Demonstrated ability to share information inside as well as outside of the CTU team

• Detail oriented, with a strong desire to understand the what as well as the why and the how of security incidents

• A desire to lead a team by example, assist and mentor others

• Three plus years of experience in system administration and troubleshooting of Windows and (preferably) UNIX/Linux variants

• Network operations capabilities including proven knowledge of underlying components of routers, switches and supporting services such as DNS and DHCP as well as proficiency in IP protocols/ports and TCP/UDP packet header and payload analysis

• Able to think beyond the immediate situation and use critical thinking, context and judgment in the analysis of complex data sets and events. Actions will vary but most often will require development of a course of action or response to identified threats.

• Ability to work under pressure including crisis situations while maintaining a high degree of attention to detail.

• Experience responding to customer requests including senior management and executives.

• Ability to quickly learn and adapt to new technologies and processes in a rapidly changing environment.

About bp

bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people’s lives. We are committed to creating a diverse and inclusive environment where everyone can thrive. Join bp and become part of the team building our future!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Travel Requirement

No travel is expected with this role

Relocation Assistance:

This role is not eligible for relocation

Remote Type:

This position is a hybrid of office/remote working

Skills:

Antivirus Software, Firewall Security, Incident Handling, Incident management, incident investigation and response, Incident Response, Information Security, IPS/IDS, Operations Security, Security Management, SIEM Tools, SOC Operations, Stakeholder Management

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.