bp are looking for two Red Team Analysts to join us in our Sunbury offices on a permanent basis, working within our Cyber Emergency Response Team.
You'll be responsible for providing assurance by reducing the uncertainty regarding cyber detection and defence capabilities using adversarial cyber-attack & exploitation techniques. The Red Team Analyst will plan and execute engagements that test specified threat scenarios against bp's businesses and/or internal security systems. This will involve the emulation of threat actors to discover security weaknesses in people, processes and technology. The secondary tasks will also include utilizing technical expertise (up to and including system forensics), during cyber related investigations. This mission is critical to the protection of bp assets, customers, brand and shareholder value.
These will be working Monday-Friday and will involve international travel up to 20% of the year.
- Engage relevant stakeholders to develop Red Team proposals, establish execution plans and prioritize engagement using a risk-based approach
- Execute testing utilizing the latest tactics, techniques and procedures of advanced adversaries
- Develop final report and presentations to debrief Information Security Officers, decision makers and various business stakeholders
- The role is further responsible for conducting and measuring cyber readiness and defense capability testing
- Support incident investigations with forensic analysis.
- Formal education and degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same
- Well versed in system exploits (e.g. host-based controls bypass), network exploitation (e.g. scanning, evasion, MiTM, etc. ), Wi-Fi hacking, mobile platform and application hacking (e.g. Android or IOS) or web application exploitation (SQL Injection, RFI, XSS, logic flaws, etc.)
- Proven experience of vulnerability assessments or penetration testing
- Excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholder groups
- Programming and/or scripting in multiple languages: Python, Java, PHP, Ruby, Perl, Bash, or similar languages
- Membership of a technical or professional body or formal certification (e.g. CISSP, C|EH, GWAPT, GIAC, OSCP).
New service from OilVoice
is for companies who need to track their staff in areas of risk.
It's free to use, so we invite you to try it