Date: 2024-07-25
Job summary
Job Family Group:
IT&S Group
Job Description:
Reporting to the VP Cyber Defense, the Global SOC (Security Operations Centre) Lead is a significant leadership position within the digital security organization and will have responsibility for the management and development of a global team of security analysts working in bp’s security operations centre. The SOC currently consists of mature operations located in the US (Houston, Texas) and in the UK (London/Sunbury), as well as a new location currently starting up in Malaysia (Kuala Lumpur).
In addition to managing the SOC analysts, the Global SOC Lead will also be responsible for providing thought leadership with respect to security operations; driving and improving operational discipline within the SOC; identifying opportunities to better protect bp and drive further efficiency within the SOC; as well as participating fully as a member of the bp digital security Cyber Defence leadership team.
Key Accountabilities:
Manage the Global SOC Team
- Lead the professional development of the SOC analysts, including assessing skill levels and guiding professional development within the team
- Coordinate activities across the bp SOC locations, working closely with the local SOC leads
- Manage the financial aspects of the SOC operations, including operating expenses and any required project investments or refresh of the physical kit or solutions within the SOC
- Direct the engagement and interfaces with other digital security teams, including Threat Intelligence; SOC; Defence Analytics and Integration; and Security Data Services – among others
Drive and Maintain Operational Discipline
- Improve the operational maturity of the current SOC operations against industry standards (e.g., NIST 2.0)
- Identify opportunities to continuously improve operational discipline within the SOC
- Maintain and improve upon the delivery against established key performance indicators (KPIs); as well as identify additional KPIs to drive further excellence within the team
Incident and Case Creation and Tracking
- Ensure that all identified events are promptly recorded, validated, thoroughly investigated and accurately documented
- Ensure accurate use of Use Cases and identify opportunities/add new Use Cases, where appropriate
- Assess SOC performance against established baselines and timelines for incidents
Stakeholder Management and Engagement
- Serve as a visible leader for digital security, including providing education and learning through participation in context-based tours, presentations and events within bp and externally, where appropriate
- Participate in the management of major incidents, including serving as a digital security representative on incident management teams and/or business support teams, when necessary
- Maintain and grow key relationships with local regulatory and/or law enforcement stakeholders
Intelligence Sharing
- Remain current on cyber security trends and intelligence (both open-source and commercial) and encourage intelligence led thinking across the SOC team, working closely with the digital security Threat Intelligence team
- Support SOC leads and their analysts in the further development of intelligence-led methodologies, practice and threat hunting
Documentation and Procedures
- Accountable for data accuracy with respect to both the quality of documentation for, and the metrics associated with, cyber incidents
- Oversee documentation owned by the team including but not limited to Standard Operating Procedures (SOPs) and Use Cases
- Support the SOC leads in devising and documenting new procedures, as appropriate
- Improve and develop new content based on observed and measured SOC activity
- Work with engineers within digital security to implement new or enhanced capabilities, ensuring all SOC analysts are briefed and trained as required
Essential Experience and Education:
- Bachelor’s degree in Computer Science, Business Administration or equivalent educational or professional experience and/or qualifications.
- Advanced cyber qualifications/certifications
- 10 years of information security related experience in areas such as security operations, incident analysis, incident handling, vulnerability management or testing, log analysis, intrusion detection and IT infrastructure management
- Prior hands-on SOC experience, both in analyst and leadership roles
- Hands-on experience with security information and event management (SIEM) technologies; security orchestration, automation, and response (SOAR) solutions; vulnerability management processes; and/or cloud-native application protection platform (CNAPP) technologies
- Excellent written and oral communication skills
- Self-motivated to improve knowledge and skills
- Demonstrated ability to engage with senior leadership, both internal and external to the organization
- Detail oriented, with a strong desire to drive improvements regarding the “what” as well as the “why” and the “how” of security incidents
- A passion for leading and growing the capabilities of global teams; as well as for embracing/leveraging diverse perspectives and cultures within a team to achieve greater results
- Demonstrable ability to think beyond the immediate situation and use critical thinking, context and judgment in the analysis of complex data sets, threat intelligence, and security events
- Ability to work under pressure and in crisis situations while maintaining a high degree of professionalism and leadership when engaging the SOC team and internal/external stakeholders
- Ability to lead large teams in the adoption of new technologies and processes in a rapidly changing environment
