BP

Entity:

Technology

Job Family Group:

IT&S Group

Job Description:

You will work with

This team drives the response and management of cyber incidents, using an intelligence-led approach for identification, mitigation, and rapid response to safeguard bp on a global scale. By applying lessons learned and data analytics, they establish engineering principles and enhance the technology stack to continuously bolster bp's cybersecurity posture.

Let me tell you about the role

We are looking for Information Security Engineering Specialist (Offensive Security) can conduct penetration tests, simulate advanced attacks, and analyze organizational defenses to uncover weaknesses in our systems, applications, and controls.

This is a hands-on role, where you will be continually learning new tools, tactics, and techniques, while documenting findings, and collaborating with stakeholders to remediate those issues.

You will also contribute to standard processes that will help shape bp’s security agenda and create a culture of excellence.

What you will deliver

• Conduct targeted penetration tests on applications, networks, APIs, and cloud environments.
• Conduct Red Team engagements simulating realistic threat actors.
• Utilize and customize offensive security tools (Metasploit, Burp Suite, etc.) and develop automations for repetitive tasks.
• Create clear, actionable reports detailing methods used, findings and suggested remediation.
• Work with incident response, threat intelligence, and other teams to integrate offensive security and improve our defenses.
• Partner with our development and cloud teams to ensure vulnerabilities uncovered by our penetration tests are remediated efficiently.
• Evolve the security roadmap to meet anticipated future requirements and needs.
• Actively sponsor and mentor emerging talent and promote a culture of continuous development; and provide informal mentoring/training to junior team members.

What you will need to be successful (experience and qualifications)

• Seasoned security professional with 3+ years delivering security engineering services and/or building security solutions within a complex organization.
• Firm foundation of information and cyber security principles and standard processes.
• Solid knowledge in application security concepts (OWASP Top 10, secure coding best practices, common vulnerabilities, etc).
• Professional and technical security certifications such as CISSP, CISM, GEVA, CEH, OSCP or equivalent are a plus.
• Development experience in one or more object-oriented programming languages (e.g., Python, Scala, Java, C#) and/or cloud environments (including AWS, Azure, Alibaba, etc.)
• Practical experience with code scanning tools (SAST, DAST, SCA)
• Experience with CI/CD pipelines and DevSecOps tools to automate security checks and integrate them into the development workflow.
• Operational proficiency in frameworks such as CIS CSC, NIST CSF, NIST 800-53, ISO 27001, etc.
• Foundational knowledge of security standards, industry laws, and regulations such as Payment Card Industry Data Security Standards (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Sarbanes-Oxley (SOX)
• Continuous learning and improvement approach.

About bp

bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people’s lives. We are committed to creating a diverse and inclusive environment where everyone can grow and succeed. Join bp and become part of the team building our future!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Travel Requirement

No travel is expected with this role

Relocation Assistance:

This role is not eligible for relocation

Remote Type:

This position is a hybrid of office/remote working

Skills:

Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.