Cyber Security Incident Response (CSIRT) Specialist – bp
Location: Sunbury-On-Thames, England, United Kingdom
bp delivers energy to the world today and tomorrow. The Cyber Security Incident Response Team (CSIRT) within Counter Threat & Engineering (CT&E) responds to digital security threats and incidents worldwide, supporting Security Operations Centers across Houston, Sunbury, Kuala Lumpur, Pune, and Singapore. Enabling safe and secure business operations as part of this global team requires a deep understanding of bp’s business segments and a broad range of security‑related skills.
Key Accountabilities
* Support the bp SOC as an escalation point for security events and incidents.
* Conduct digital forensic investigations on high‑priority incidents, including host (disk and memory), network forensics, and log analysis.
* Work across Digital Security and bp business functions to partner on incidents and ensure all appropriate actions are taken and communicated.
* Conduct advanced threat hunting using threat intelligence and the MITRE ATT&CK framework to proactively identify suspicious activity.
* Ensure data accuracy within the case management system and other relevant platforms.
* When not actively responding, develop documentation and processes such as playbooks, pursue training opportunities, and enhance team capabilities through automation (custom scripts and tool integration).
Essential Education
* Bachelor’s degree in Information Security, Network Security, Information Assurance, Information Technology, Computer Science, or equivalent experience and/or qualifications.
Essential Experience and Job Requirements
* Experience with attacker tactics, techniques, and procedures (TTPs).
* Proficiency with Windows and Linux operating systems for host‑based forensics and analysis.
* Knowledge of cloud platforms such as AWS and Azure.
* Experience with diverse log sources (firewall, web, database) to identify anomalous activity.
* Understanding of network communications and protocols.
* Familiarity with SIEM, EDR, and other core cyber toolsets.
* Strong problem‑solving skills applied to technical solutions.
* Sound technical knowledge of security as applied to IT/OT networks, systems, and applications.
* Effective communication skills and ability to document investigative findings clearly and concisely.
Leadership and EQ
* Embrace a culture of change and agility, continuously evolving and adapting to a changing world.
* Act as an effective teammate, looking beyond own area to consider the bigger picture and respecting cultural differences.
* Consistently enhance self‑awareness and seek input from others to improve impact and effectiveness.
* Well‑organized, balancing proactive and reactive approaches with multiple priorities to complete tasks on time.
* Apply sound judgment and common sense to inform actions and respond to situations as they arise.
* Align with bp's Code of Conduct and demonstrate strong leadership through bp's Leadership Expectations and Values & Behaviours.
Desirable Criteria
* CompTIA Security+, CySA+, CASP+
* SANS Certifications (GSOC, GCIH, GCFA, GCFE, GCFR)
* Certified Information Systems Security Professional (CISSP)
* Certified Ethical Hacker (CEH)
* Cisco Certifications (CCNA or similar)
* Other relevant or higher certifications
Additional Information
The CSIRT is part of bp’s wider CT&E team that protects bp against cyber threats. The role requires 60% of the work week in local bp offices, with up to 40% remote. An on‑call rotation is required several times throughout the year. bp supports its people to learn and grow in a diverse and challenging environment.
Equal Opportunity Employer
bp is an equal opportunity employer and values diversity. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We provide reasonable accommodation for individuals with disabilities throughout the application process.