Innovation & Engineering



IT&S Group



Responsible for delivering information security and risk activities for the specialism, using advanced technical capabilities to lead changes to security processes and procedures, review complex security issues, lead security solutions from identification to implementation, ensure adherence to policies, standards and best practices and provide technical expertise to internal and external stakeholders. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.



Role Synopsis

BP has embarked on an ambitious plan to modernize and transform using digital technologies to drive efficiency, effectiveness, and new business models. As the IS Engineering Lead, you will be responsible for delivering information security and risk activities.

Using advanced technical capabilities, you will lead changes to security processes and procedures, review complex security issues and oversee security solutions from identification to implementation.

You will see that we follow policies, standards and best practices and provide technical expertise to internal and external stakeholders. It’s a chance to operate in a dynamic and delivery-focused environment, with the resources of one of the world's most forward-thinking IT departments and leading IT vendors at your fingertips.

The Security Engineering Lead builds, develops and leads the continuous improvement of security engineering practices and is responsible for the quality of cyber advice, guidance and standards used across bp.

The successful candidate is an SME in the AliCloud Security Engineering space and is responsible for architecting and maintaining multiple AliCloud products and their automation deployments.

You will work within an agile delivery squad interacting directly with our customers, development teams, business product owners and 3rd party vendors.

In-depth knowledge of the CI/CD process, experience of automation and development tooling such as ADO, Git and Code pipeline, and the ability to learn other tools.

Key Accountabilities

Team: You will provide advanced technical expertise to support information security and risk activities specific to your specialism. This could involve designing and developing security solutions to work across BP IT environments that are consistent with current policy; running investigations and incident response processes and providing a consistent response to cyber-based malicious activity; and acting as an interface with various teams dealing with information security in their segment/functions etc. You will drive the implementation and application of relevant operating processes and procedures, and ensure all activities follow relevant standards. You will also manage outreach for the wider Security Engineering Function to support them in Technology adoption.

Relationships: You will develop and maintain relationships with stakeholders, delivering advanced technical knowledge to support project delivery, collaboratively identifying key challenges and ensuring that security solutions protect BP against cyber risks. A senior professional, you will provide informal mentoring/training to junior members of the team. You will also work across Security Engineering & Enterprise AliCloud Squads and other teams to align and optimize activities and provide backup as necessary for incidents and projects. We’ll expect you to track the ordering process for solutions and align with the yearly budget by working with finance support.

Technology: You will build awareness of internal and external technology developments, managing the delivery of process and system improvements, identifying and implementing continuous improvement plans for the specialism and ensuring best practice is shared across the team.

Safety and Compliance: The safety of our people and customers is our highest priority. We will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.

People Manager Expectations:

Provide ongoing feedback to your employee tree, both formally and informally, with the aim of supporting their performance and development within the Chapter.

Coach and mentor to help build domain experience amongst peers.

Be responsible for Chapter members’ personal development and the management of performance reviews.

Contribute to relevant supply and demand conversations, to adequately staff squads with appropriately skilled employees.

Assess candidates as part of the Talent Acquisition process, interviewing to identify future I&E digital talent.

Share knowledge (cross-pollination) between Chapter members that can be utilised by various Squads.

Desirable Education

BSc in Information Security or similar

Desirable Experience and Capability

Years of experience:

8-10 years, with a minimum of 5 years of relevant experience.

Required Criteria / Experience

Architect technical solutions within AliCloud platform to improve the overall security posture.

Develop and deploy security solutions using Terraform and other languages to automate the security capability within the platform.

Provide guidance and advice to the overall platform and customers regarding security risks by performing regular risk assessments, threat modelling and security testing.

Develop the security knowledge base by publishing AliCloud security standards and architectural patterns to assist customers in developing secure solutions within the platform.

Lead and support the security operations role to ensure operational responsibilities are met to secure the platform, with formal reporting to the Security Principal.

Liaise with Cloud Security Engineering, Security Architecture, Enterprise Architecture and Compute Platform to ensure adherence to global standards.

Support and respond to platform-based security incidents in a timely manner and provide technical support to the CTI and SOC where needed.

Develop the security roadmap for future requirements for the continuous improvement of existing security capabilities within the platform and new capabilities to defend against new threats.

Essential technical skills:

Deep hands-on knowledge of AliCloud Security Center, cloud firewall, WAF and other security products in AliCloud (AliCloud certification preferable).

AliCloud CLI scripting (scripting: Python, Bash, PowerShell, Ruby, Lambda (NodeJS / Python)).

Detailed knowledge of Infrastructure as Code: ADO pipelines, Terraform, cloud automation and resource orchestration.

Hands-on experience of utilising resource management for operating large-scale AliCloud deployments.

Good understanding and hands-on implementation of Resource Access Management (RAM) and integration with industry identity providers.

Demonstrable knowledge of Incident Management, Problem Management and Relationship Management.

Key Behaviours:

Empathetic: Cares about our people, our community, and our planet

Curious: Seeks to explore and excel

Creative: Imagines the extraordinary

Inclusive: Brings out the best in each other



This position is a hybrid of office/remote working



Automation system digital security, Conformance review, Consulting, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism



