Responsible for delivering information security and risk activities for the specialism, using advanced technical capabilities to lead changes to security processes and procedures, review complex security issues, lead security solutions from identification to implementation, ensure adherence to policies, standards and best practices and provide technical expertise to internal and external stakeholders. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.
The Role: Digital Security SOC Lead Specialist (L3) - Team Lead
Reporting to the Head of Incident Response, the SOC Lead Specialist - Team Lead has responsibility for the management and development of a designated team of SOC Analysts.
- Will support the bp SOC as an advanced escalation point for Level I and Level II analysts
- Will support/manage escalations from the analyst and senior analysts in investigations
- Will lead technical investigations for security incidents within the SOC prior to escalation to CERT
- Will ensure data accuracy in all case management, whether in SIEM or Case Management system
- Will oversee process improvements/automation and drive implementation of new capabilities in coordination with other CT&I teams
- Co-ordinate and develop, train and coach SOC colleagues in all technical and investigative methodologies and practices
Incident and Case Creation and Tracking:
- Ensure that all identified events are promptly recorded, validated, thoroughly investigated and accurately documented
- Establish baseline and initial timeline for incidents
Security Monitoring - Detection & Response:
- Serve as a lead analyst and point of escalation for Level I and Level II analysts
- Coordinate immediate triage activities as required
- Provide oversight and guidance to junior analysts
- Encourage and support automation ideas
- Ensure appropriate level of analysis and documentation is completed within the SOC for escalations to CERT
Community Outreach:
- As required, act as an ambassador for CT&I and the SOC, providing education and learning through participation in context-based tours, presentations and events
Intelligence Sharing:
- Remain current on cyber security trends and intelligence (both open-source and commercial) and encourage intelligence-led thinking across the SOC team
- Support the SOC Lead Intelligence Specialist in the further development of intelligence-led methodologies, practice and threat hunting
Documentation and Procedures:
- Ensure data accuracy
- Oversee documentation owned by the SOC team including but not limited to Standard Operating Procedures (SOPs) and Use Cases
- Devise and document new procedures
- Improve and develop new content based on observed and measured SOC activity
- Work with engineers in the Defense Systems team to implement new or enhanced capabilities, ensuring SOC analysts are briefed and trained as required
- Working with DAI/CERT/CI, support the development of workflows for Resilient Use Cases
Education:
- Bachelor's degree in Computer Science, Business Administration or equivalent educational or professional experience and/or qualifications
- CompTIA Security+ certification
- Advanced cyber qualifications
Experience:
- Ideally 5 years of information security related experience, in areas such as: security operations, incident analysis, incident handling, vulnerability management or testing, log analysis, intrusion detection
- Successfully operated as a Level 2 SOC analyst for a minimum of two years
- Hands-on experience with SIEM technologies, IDS/IPS, network and host-based firewall technologies and anti-virus solutions
- Excellent written and oral communication skills
About Us:
BP has embarked on an ambitious plan to modernize and transform as an integrated energy company, using digital technologies to drive efficiency, effectiveness, and new business models. You will be part of the Security Operations Center and this position will be located in the UK. Our SOC team is part of our wider Counter Threat and Intelligence team that is responsible for protecting bp against emerging cyber threats. This post will be located at the UK facility in Sunbury. This role requires 60% of the work week in our local bp offices while up to 40% can be remote. At bp, we support our people to learn and grow in a diverse and challenging environment.