3 - 8 years
10 - 14 Lacs
Pune
Posted: 18 hours ago
Work from Office
Full Time
Grade H

Responsible for supporting information security and risk activities for the specialism, using sound technical capabilities to review and adjust information security processes, supporting the delivery of security solutions, recommending improvements to security strategies and managing external service providers, as required.

Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.

Entity: Technology ITS Group

You will work with

This team drives the response and management of cyber incidents, using an intelligence-led approach for identification, mitigation, and rapid response to safeguard bp on a global scale. By applying lessons learned and data analytics, they establish engineering principles and enhance the technology stack to continuously bolster bp's cybersecurity posture.

Let me tell you about the role

We are looking for an Information Security Engineering Specialist (Application Security) who will be accountable for supporting the management of large security data sets, developing data-driven solutions and insights, and building data integration solutions and digital automation. We build digital solutions primarily in the cloud using Azure and AWS, so we can adapt quickly, demonstrate the latest technology, and scale our solutions globally. You will advocate that application development, platform development, and infrastructure teams adhere to secure design and development practices (e.g., threat modeling, technical design review, resilience testing, monitoring alerting, code review, and documentation). You will also contribute to standard processes that will help shape bp's security agenda and create a culture of excellence.

What you will deliver

Provide technical expertise in support of information security and risk activities specific to the specialism to achieve objectives, e.g. designing and developing security solutions to work across bp's digital environments that are consistent with current policies.
Maintain and improve the security aspects of the SDLC to help software engineering teams create products secure by design.
Develop and promote guidelines for secure API and cloud-native applications.
Maintain systems that are designed to uncover code vulnerabilities and provide remediation insights.
Integrate security processes, such as threat modeling, static/dynamic analyses, and code reviews.
Deliver the implementation and application of relevant operating processes and procedures, and ensure all activities adhere to the relevant standards.
Evolve the security roadmap to meet anticipated future requirements and needs.
Create and articulate materials on how to embed and measure security throughout the software and platform development lifecycle.
Develop and maintain a series of internal and external collaborator relationships, delivering advanced technical knowledge to support project delivery, cooperatively identify key challenges and ensure that security solutions successfully protect bp against cyber risks.

What you will need to be successful (experience and qualifications)

Seasoned security professional with 3+ years delivering security engineering services and/or building security solutions within a complex organization.
Firm foundation of information and cyber security principles and standard processes.
Solid knowledge in application security concepts (OWASP Top 10, secure coding best practices, common vulnerabilities, etc.).
Professional and technical security certifications such as CISSP, CISM, GEVA, CEH, OSCP or equivalent are a plus.
Development experience in one or more object-oriented programming languages (e.g., Python, Scala, Java, C#) and/or cloud environments (including AWS, Azure, Alibaba, etc.).
Practical experience with code scanning tools (SAST, DAST, SCA).
Experience with CI/CD pipelines and DevSecOps tools to automate security checks and integrate them into the development workflow.
Operational proficiency in frameworks such as CIS CSC, NIST CSF, NIST 800-53, ISO 27001, etc.
Foundational knowledge of security standards, industry laws, and regulations such as Payment Card Industry Data Security Standards (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Sarbanes-Oxley (SOX).
Continuous learning and improvement approach.

About bp

bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people's lives. We are committed to creating a diverse and inclusive environment where everyone can grow and succeed. Join bp and become part of the team building our future!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Travel Requirement: Up to 10% travel should be expected with this role
Relocation Assistance: This role is eligible for relocation within country
Remote Type: This position is a hybrid of office/remote working
Skills:
BP INCORPORATE INTERNATIONAL.