Role Overview
Working with the Head of SOC, the SOC Lead – Team Lead is responsible for managing and developing a designated team of SOC Analysts.
Key Responsibilities
- Support the bp SOC as a sophisticated issue point for SOC analysts.
- Support / handle customer issues from the analyst.
- Lead technical investigations for security incidents within the SOC prior to CSIRT.
- Review data accuracy in all case management, whether in SIEM or Resilient.
- Drive implementation of new capabilities in coordination with other DS teams.
- Coordinate and develop, train and coach SOC colleagues in all technical and investigative methodologies and practices.
Incident and Case Creation and Tracking
- Ensure that all identified events are promptly recorded, validated and thoroughly investigated.
- Ensure accurate use of Use Cases.
- Establish baseline and initial timeline for incidents.
Security Monitoring - Detection & Response
- Serve as a lead analyst and point of escalation.
- Coordinate immediate triage activities as required.
- Provide oversight and guidance to analysts.
- Encourage and support automation ideas.
- Ensure an appropriate level of analysis and documentation is completed within the SOC for escalations to CSIRT.
- Lead SOC tours.
- Lead and encourage others to carry out threat hunting.
- Work with SDO on tuning and delivery of new in-house capability.
Qualifications
- Bachelor’s degree in Computer Science, Business Administration or equivalent educational or professional experience and/or qualifications.
- CompTIA Security+ certification.
- 5 years of information security related experience, in areas such as security operations, incident analysis, incident handling, vulnerability management or testing, log analysis and intrusion detection.
- Successfully operated as a Senior SOC analyst for a minimum of two years.
- Hands-on experience with SIEM technologies, IDS/IPS, network and host-based firewall technologies and anti-virus solutions.
- Excellent written and oral communication skills.
- Self-motivated to improve knowledge and skills.
- Demonstrated ability to share information inside as well as outside of the CTU team.
- Detail oriented, with a strong desire to understand the what as well as the why and the how of security incidents.
- A desire to lead a team by example, and to assist and mentor others.
- Three plus years of experience in system administration and troubleshooting of Windows and (preferably) UNIX/Linux variants.
- Network operations capabilities, including proven knowledge of the underlying components of routers, switches and supporting services such as DNS and DHCP, as well as proficiency in IP protocols/ports and TCP/UDP packet header and payload analysis.
- Able to think beyond the immediate situation and use critical thinking, context and judgment in the analysis of complex data sets and events. Actions will vary but most often will require development of a course of action or response to identified threats.
- Ability to work under pressure, including crisis situations, while maintaining a high degree of attention to detail.
- Experience responding to customer requests, including from senior management and executives.
- Ability to quickly learn and adapt to new technologies and processes in a rapidly changing environment.
About bp
bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people’s lives. We are committed to creating a diverse and inclusive environment where everyone can thrive. Join bp and become part of the team building our future!
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.