
Forensic & Incident Response Lead

  • Location United Kingdom - South East - Sunbury
  • Travel required Negligible travel
  • Job category IT&S Group
  • Relocation available No
  • Job type Professionals
  • Job code 133243BR
  • Experience level Senior
Job summary

Role Synopsis

Do you have the desire to work in a highly technical and fast-paced environment to identify, investigate and defend against top-tier cyber threat actors? Do you want every workday to be different? The bp Cyber Emergency Response Team (bp-CERT) is a global team comprised of incident responders and forensic experts in London, Houston and Singapore. bp-CERT sits within the Counter Threat & Intelligence Unit (CT&I) inside Digital Security. bp-CERT's primary mission is to respond to digital security incidents globally, conduct forensics, conduct advanced threat hunting and support insider threat investigations.

As a Forensic and Incident Response Lead, you will be responsible for being the primary responder on a variety of digital security incidents. bp has a One Team approach, so you’ll be supported by your colleagues across the globe. You will have a variety of sophisticated tools, log sources and intelligence at your disposal to investigate these high-profile cyber incidents.
You will need the leadership mentality to influence people, direct and coordinate discussions to quickly identify risks and impact in fast-paced demanding situations.

Core role responsibilities include:

  • Work across SOC, Cyber Threat Intelligence, Red Team, Engineering Team and others to bring together a holistic view of incidents
  • Conduct investigations on high-priority incidents to include functions such as host (disk and memory) forensics, network forensics and log analysis
  • Conduct advanced threat hunting by using threat intelligence and the MITRE ATT&CK framework to proactively identify suspicious activity in the environment
  • Support insider threat investigations through the use of innovative techniques and use cases
  • When not actively responding to incidents, other key responsibilities within the role include: development of documentation and processes such as playbooks, refining your skills through training opportunities, and identifying and enhancing the capabilities of the team by developing opportunities for automation (e.g., custom scripts and tool integration)

Requirements:

  • Experience with attacker tactics, techniques and procedures (TTPs)
  • Knowledge of both Windows and Linux operating systems to conduct host-based forensics and analysis
  • Knowledge of cloud platforms such as AWS and Azure
  • Experience with many different types of log sources such as firewall, web and database to identify anomalous activity
  • Understand network communications and protocols
  • Ability to communicate effectively and document investigative findings in a clear and concise manner

Job Advert

Key Accountabilities

Team: You will lead and coordinate the response to digital security incidents and provide support to business and I&E teams as they work to close identified gaps. This involves ensuring that threats are contained in a timely way to minimize the risk to BP's information assets, data and services. You will also participate in post-incident reviews assessing the effectiveness of controls, monitoring and responses to maximize lessons learnt and improve BP's cyber resilience.

Relationships: You will build and maintain close working relationships with the segment Heads of Digital Security, Information Security Leads, Intelligence, Security & Crisis Management, Business Integrity, Group Communications, Legal and key strategic suppliers whose support and knowledge are vital in delivering the remediation of security events and incidents.

Security: You will enhance the design, documentation, and implementation of incident response processes, procedures, guidelines, and solutions. You will also maintain a strong awareness of technology, emerging cyber threats and industry best practice to enhance incident response.

Safety and Compliance: The safety of our people and customers is our highest priority. We will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.

Essential Education

  • You’ll have a degree or technical certification (SANS, Cyber Security, CISSP)
  • Alternatively, you could have at least 3 years’ direct working experience

Essential Experience and Job Requirements

  • You will have significant relevant experience in an information security and risk role, or similar.
  • You will have advanced technical knowledge and experience of delivering security solutions. This includes providing technical advice and overseeing security processes for your specialism.
  • You will have sound stakeholder management experience.

At bp, we provide the following environment & benefits:

  • A company culture where we respect our diverse teams and are proud of our achievements
  • Possibility to join social communities and networks
  • Learning and development opportunities to craft your career path
  • Life & health insurance, medical care package
  • And many other benefits!
We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Apply now if this excites you.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
#bpInformationSecurity