1. Home
  2. Careers
  3. Jobs at bp
  4. Incident Response Specialist (SOC/CERT)?

Incident Response Specialist (SOC/CERT)?

Incident Response Specialist (SOC/CERT)

  • Location Malaysia - Kuala Lumpur
  • Travel required Up to 10% travel should be expected with this role
  • Job category IT&S Group
  • Relocation available This role is not eligible for relocation
  • Job type Professionals
  • Job code RQ070526
  • Experience level Intermediate
Apply Search all jobs at bp

Job summary


Innovation & Engineering

Job Family Group:

IT&S Group

Job Summary:

Responsible for supporting information security and risk activities for the specialism, using sound technical capabilities to review and adjust information security processes, supporting the delivery of security solutions, recommending improvements to security strategies and managing external service providers, as required. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.

Job Description:

Role Synopsis

The incident response team is comprised of the SOC and the CERT. This is a 24x7x365 operation within bp and has team members spanning three time zones. The IR team sits within Cyber Defence and responds to a wider range of digital security incidents globally.

The Security Operations Center (SOC) is responsible for monitoring and responding to incidents, performing initial triage and response, and growing serious threats to members of the Cyber Emergency Response Team (CERT) and the various business entities in bp. The CERT conducts longer term technical investigations through digital forensics and other advanced techniques. The candidate must be knowledgeable about the various business segments and be able to answer, or direct to others, security-related questions covering a wide range of topics.

This is a hybrid SOC/CERT Role. As an Operational Management Specialist, you will split your time by supporting both the SOC and CERT functions, depending on where Incident Response resources are needed.

You will work as part of the distributed team to provide security across the enterprise that enables business activity and promotes safe and secure operations.

Key Accountabilities

  • Support the bp SOC as an escalation point for analysts and provide SOC coverage as needed.
  • Conduct digital forensic investigations on high-priority incidents to include functions such as host (disk and memory) forensics, network forensics and log analysis.
  • Conduct advanced threat hunting by using threat intelligence and the MITRE ATT&CK framework to proactively identify suspicious activity in the environment.
  • Ensure data accuracy within the SIEM, case management system and others.
  • When not actively responding to incidents, other key responsibilities within the role include development of documentation and processes such as playbooks, refining your skills through training opportunities and identifying and enhancing the capabilities of the team by developing opportunities for automation (i.e., custom scripts and tool integration)

Essential Education:

Bachelor's degree (e.g., Information Security, Network Security, Information Assurance, Information Technology, Computer Science) or equivalent experience and/or qualifications.

Essential Experience and Job Requirements:

  • Experience with attacker tactics, techniques and procedures (TTP’s)
  • Knowledge of both Windows and Linux operating systems to conduct host-based forensics and analysis
  • Knowledge of cloud platforms such as AWS and Azure
  • Experience with many different types of log sources such as firewall, web and database to identify anomalous activity
  • Understand network communications and protocols
  • Knowledge of SIEM, EDR and other core cyber toolsets
  • Strong problem-solving skills as applied to technical solutions
  • Sound technical knowledge of security as applied to IT/OT networks, systems, and applications
  • Ability to communicate effectively and document investigative findings in a clear and concise manner

Leadership and EQ

  • You embrace a culture of change and agility, evolving continuously, adapting to our changing world.
  • You are an effective team player, looking beyond your own area/organizational boundaries to consider the bigger picture and/or perspective of others, while understanding cultural differences
  • You continually enhance your self-awareness and seek input from others on your impact and effectiveness
  • Well organized, you balance proactive and reactive approaches and multiple priorities to complete tasks on time
  • You apply judgment and common sense – you use insight and good judgment to inform actions and respond to situations as they arise
  • You comply with BP's Code of Conduct and demonstrate strong leadership through BP's Leadership Expectations and Values & Behaviours

Desirable criteria

  • COMPTIA Security+ / CYSA+ CASP+
  • SANS Certification GSOC; GCIH; GCFA; GCFE; GCFR
  • CISSP Certification and accreditation
  • Certified Ethical Hacker - CEH
  • Cisco Certifications (CCNA or similar)
  • Similar/ higher certifications

Why join us?

At bp, we support our people to learn and grow in a diverse and ambitious environment. We believe that our team is strengthened by diversity. We are committed to fostering an inclusive environment in which everyone is respected and treated fairly. There are many aspects of our employees’ lives that are meaningful, so we offer benefits to enable your work to fit with your life! These benefits can include flexible working options, paid parental leave policy among others!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Travel Requirement

Up to 10% travel should be expected with this role

Relocation Assistance:

This role is not eligible for relocation

Remote Type:

This position is a hybrid of office/remote working


Automation system digital security, Conformance review, Consulting, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company.  We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with disabilities may request a reasonable accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.).  If you would like to request an accommodation related to the recruitment process, please contact us to request accommodations.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy.  This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.

Apply Search all jobs at bp