Information security engineering lead

Entity:

Technology

Job Family Group:

IT&S Group

Job Description:

You will work with
This team leadsthe response and management of cyber inusingutilizing an intelligence-led approach for identification, mitigation, and rapid response to safeguard bp on a global scale. By applying lessonslearned and data analytics, they establish engineering principles and enhance the technology stack to continuously bolster bp's cybersecurity posture.

Let me tell you about the role
We are looking for Information Security Engineering Lead (Application and Offensive security) who will leadateam driving the management of large security data sets, developing data-driven solutions and insights, and building data integration solutions and digital automation. We build digital solutions primarily in the cloud using Azure and AWS, so we can adapt quickly, demonstrate the latest technology, and scale our solutions globally.

You will advocate that application development, platform development, and infrastructure teams adhere to secure design and development practices (e.g., threat modeling, technical design review, resilience testing, monitoring & alerting, code review, and documentation)

You will also contribute to standard processes that will help shape bp’s security agenda and create acultureofexcellence.

What you will deliver

• Provide advanced technical expertise in support of information security and risk activities specific to the specialism to achieve objectives e.g. designing and developing security solutions to work across bp’s digital environments that are consistent with current policies.
  
• As appropriate, provide support to investigations and incident response processes, providing a consistent response to cyber-based malicious activity.
  
• Drive the implementation and application of relevant operating processes and procedures, and ensure all activities adhere to the relevant standards.
  
• Evolve the security roadmap to meet anticipated future requirements and needs.
  
• Create and articulate materials on how to embed and measure security throughout the software and platform development lifecycle.
  
• Develop and maintain customer relationships, delivering advanced technical knowledge to support project delivery, collaboratively identify key challenges and ensure that security solutions successfully protect bp against cyber risks.
  
• Build awareness of internal and external technology developments, managing the delivery of process and system improvements, identifying and implementing continuous improvement plans for the specialism and ensuring bestpractice is shared across the team.
  
• Actively sponsor and mentor emerging talent and promote acultureof continuous development; and provide informal mentoring/training to junior team members.
  

What you will need to be successful (experience and qualifications)

• Accomplished senior leadership professional with 7-10+yearsofexperience leading, growing and developing a security/software engineering team of around 10-30 people.
  
• Deep, direct experience designing, planning, productizing, maintaining and documenting reliable and scalable data infrastructure, cloud and data products in complex environments.
  
• A deep comprehension of information and cyber security principles and standard methodologies.
  
• Professional and technical security certifications such as CISSP, CISM, GEVA, CEH, OSCP orequivalent are a plus.
  
• Experience in a technical leadership role, leadingallaspectsof projects.
  
• Comprehensiveknowledge and practical experience in one or more object-oriented programming languages (e.g., Python, Scala, Java, C#) and/or one or more cloud environments (including AWS, Azure, Alibaba, etc.)
  
• Deep knowledge and hands-on experience in technologies across all data lifecycle stages.
  
• Experience with two or more of the following security technologies/areas: Security Information and Event Management (SIEM), Intrusion Prevention or Detection System (IPS/IDS), Email Security Gateways, Web Security Gateways, Multi-Factor Authentication (MFA) Systems (MFA), Endpoint Protection, Endpoint Detection and Response (EDR), Security Orchestration Automation and Response (SOAR), Firewalls, Vulnerability Scanners
  
• Workingknowledge of security frameworks such as CIS CSC, NIST CSF, NIST 800-53, ISO 27001, etc.
  
• Operational proficiencyin security standards, industry laws, and regulations such as Payment Card Industry Data Security Standards (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Sarbanes-Oxley (SOX)
  
• Strongcollaboration management and ability to lead teams through managerial and technical influence.
  
• Continuouslearning and improvement approach.
  

About bp
bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people’s lives. Wearecommitted to creating a diverse and inclusiveenvironment where everyone can grow and succeed. Join bp and become part of the team building our future!

We will ensure that individuals with disabilities are provided reasonableaccommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to requestaccommodation.

Travel Requirement

Up to 10% travel should be expected with this role

Relocation Assistance:

This role is eligible for relocation within country

Remote Type:

This position is not available for remote working

Skills:

Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.
If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.