Forensics And Incident Response Lead

BP Houston, TX 77020

Posted 2 months ago

About BP

We are a global energy business involved in every aspect of the energy system. We have 75,000 employees in 80 countries, working towards delivering light, heat and mobility to millions of people, every day. We are one of the very few companies equipped to solve some of the big complex challenges that matter for the future. We have a real contribution to make to the world's ambition of a low carbon future. Join us, and be part of what we can accomplish together.

Job Family Group

IT&S Group

Job Profile Summary

Role Synopsis

The BP Cyber Emergency Response Team (BP-CERT) is comprised of incident management and forensic professionals based in London, Houston and Singapore. BP-CERT sits within the Counter Threat Unit (CTU) in the Digital Security & Risk division of BP's Information Technology & Services (IT&S) team. BP-CERT's primary purpose is to investigate and respond to malicious cyber activity affecting BP's information and systems, including industrial automation assets.

As the Forensic and Incident Response Lead, you will co-ordinate the on-duty incident response team and act as Incident Response Manager for the highest profile and most visible cyber incidents, leading and directing efforts to respond quickly and efficiently to active threats.

BP-CERT maintains and develops skill sets to conduct forensic investigations, threat intelligence analysis, information sharing and coordination, and cyber exercising.

You will need the leadership mentality to influence people, and direct and co-ordinate discussions to quickly identify risks and impact in fast-paced, demanding situations.

Key Accountabilities

Team: You will lead and coordinate the response to digital security incidents through the initial triage phase and provide support to business and IT teams as they work to close identified gaps. This involves ensuring that threats are contained in a timely way to minimize the risk to BP's information assets, data and services. You will also participate in post-incident reviews assessing the effectiveness of controls, monitoring and responses to maximize lessons learnt and improve BP's cyber resilience.

Relationships: You will build and maintain close working relationships with the segment Heads of Digital Security, Digital Security Risk Officers, Service Management Office, Intelligence, Security & Crisis Management, Business Integrity, Group Communications and key strategic suppliers whose support and knowledge are vital in delivering the remediation of security events and incidents.

Security: You will enhance the design, documentation, and implementation of incident response processes, procedures, guidelines, and solutions. You will also lead and coordinate cyber exercises to ensure continuous improvement in BP's Digital Security response. You will maintain a strong awareness of technology, emerging cyber threats and industry best practice to enhance incident response.

Safety and Compliance: The safety of our people and customers is our highest priority. We will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.

Job advert

Essential Education

  • You'll have a degree or technical certification (SANS, Cyber Security, CISSP)
  • Alternatively, you could have at least 3 years' direct working experience

Essential Experience and Job Requirements

  • You will have significant relevant experience in an information security and risk role, or similar.

  • You will have advanced technical knowledge and experience of delivering security solutions. This includes providing technical advice and overseeing security processes for your specialism.

  • You will have sound stakeholder management experience.

Technical capability


  • Business Analysis (BUAN)
  • Consultancy (CNSL)
  • Incident Management (USUP)
  • Information Security (SCTY)
  • Performance Management (PEMT)
  • Relationship Management (RLMT)
  • Security Administration (SCAD)

Leadership and EQ

  • You always empower people - encouraging positive team morale and ensuring that every team member with expertise has the power to make decisions, at the lowest possible level.

  • You always get the basics right, from quality development conversations to recognition and ongoing performance feedback. You can develop, coach, mentor and inspire others.

  • You comply with BP's Code of Conduct and ensure your team does too. You also demonstrate strong leadership of BP's Leadership Expectations and Values & Behaviours.

  • You create an environment where people listen and can speak openly about the good, the bad, and the ugly, so that everyone can understand and learn.

  • You embrace a culture of change and agility, evolving continuously, adapting to our changing world.

  • You are an effective team player, naturally looking beyond your own area/organizational boundaries to consider the bigger picture and/or perspective of others, and building trust-based relationships with leaders and employees across IT&S and BP.

  • You are self-aware and seek input from others on your impact and effectiveness.

  • You apply judgment and common sense at scale - you use insight and good judgment to deliver commercially sound, efficient and pragmatic decisions and solutions and to respond to situations as they arise.

  • Cultural fluency - you operate across cultural boundaries with sensitivity.

Desirable Criteria

  • You have considerable experience in the cyber security field

  • You have up-to-date knowledge of technology, cyber and information security threats facing oil and gas

  • You have Information Security certification (CISSP, CISM, etc.)

  • You have Incident and Forensic certification (ITIL, GIAC GCIA / GCIH)

  • You bring comprehensive understanding of risk management

  • You can articulate and communicate intelligence on adversaries, campaigns and threats facing BP


Similar Jobs

Cybersecurity Incident Response Consultant


Posted 6 months ago

Dates listed: 5/11/2020 12:00:00 AM; 2020-08-09T00:00

Worker Sub-Type: Regular

Job Description

THE POSITION

BlackBerry Cylance is seeking an experienced Incident Response Consultant professional to join our expanding Incident Response practice. As part of the growing Consulting Services team, this position will have oversight and responsibility over assigned Incident Response engagements, Incident Response training programs, innovation of internal Cylance tools, and growing the IR practice overall.

WHO WE ARE LOOKING FOR

  • Experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple Operating Systems: Windows, Mac and Linux
  • Tool agnostic with an emphasis on knowing the forensic artifacts themselves versus relying on tool output
  • Knowledge of and the ability to use popular EDR technologies during DFIR engagements
  • Experience analyzing a myriad of system and network logs using Splunk and/or ELK
  • Knowledge of threat hunting and knowledge of the artifacts necessary to review while threat hunting
  • Ability to analyze PCAP data
  • Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement
  • Knowledge of System Administrator roles and responsibilities with an understanding of Windows Domain environments
  • Ability to be client facing by interacting with our clients and their executive leadership
  • Creative problem-solving abilities and an analytic and qualitative eye for reasoning
  • Self-starter with a knack for taking initiative and "getting things done"
  • Must have a passion for your work and an ability to apply that passion to both daily tasks and larger projects
  • Ability to work with a remote team via collaboration tools (Chat, Email, and Video Conferences)
  • Strong documentation skills, ability to write executive and technical DFIR reports
  • Ability to prioritize and complete multiple tasks with little to no supervision
  • Intellectual curiosity, humility, accountability and positive approach
  • Ability to work independently with substantial latitude for action and decision while maintaining focus on achieving optimal outcomes as part of a collaborative development effort
  • Local, or willing to relocate to Plano, TX (relocation assistance provided)

ABOVE AND BEYOND

  • At least 3+ years of hands-on client facing consulting experience or 5+ years of DFIR experience in a non-consulting environment
  • Proficient in either Python, PowerShell and/or Go. Bonus points if you have a GitHub page.
  • Experience creating dashboards, writing Logstash filters, and performing complex searches within ELK
  • Experience writing Suricata rules with an emphasis on performance
  • Experience managing Bro installations and writing Bro scripts
  • Knowledge performing DFIR investigations in Cloud environments (Azure, O365, AWS, and Google)
  • When an existing technology and/or process doesn't exist to do something you want, you are the kind of person that takes initiative and builds the technology or process

Job Family Group Name: Professional Services & Consulting

Scheduled Weekly Hours: 40

Cylance Houston, TX
