The SOC Analyst is responsible for monitoring multiple security technologies using the ArcSight Security Information and Event Management (SIEM) tool to detect IT security incidents. The analyst will follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in remediation of critical information security events and incidents.
Will monitor multiple security technologies, including the ArcSight ESM SOC Main Channel, IDS, HIPS, Windows AD event logs, syslog, anti-virus, file integrity monitoring, and vulnerability scanners, for security events.
Must evaluate and investigate detected security events to determine if they represent significant security incidents and require some level of response.
Must have an understanding of the functionality and technology of existing systems as well as an understanding of business critical applications and potential for issues.
Must have a general view of the current state of information security threats and vulnerabilities across the globe as well as within a large multi-national corporation.
Follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in remediation of critical information security events and incidents.
Work with the respective security engineering team member to develop and refine additional monitoring content and Use Cases.
Provide 24x7 operational support on a rotating 12-hour shift schedule (includes overnight shifts).
Essential experience and job requirements
5+ years of experience in one of the following:
Network operations or engineering
System administration on UNIX, Linux, or Windows
IT Security related field of work
Proficient in the operation and troubleshooting of computer operating systems such as Windows (legacy and current versions) and Linux/UNIX.
Proficient knowledge and understanding of IP protocols and ports, including TCP/UDP packet header and payload analysis.
Working experience with ArcSight ESM, including Active Channel creation, event monitoring, event correlation, and event management under a documented process framework and methodology.
Experience with testing intrusion detection rules to validate the operation and expected results. Experience rewriting Snort rules and verifying their correct operation.
Available to work shifts, including nights, weekends, and holidays.
History of working under crisis or with incidents in various situations.
Experience with change management processes, procedures, and ticketing systems.
Information security experience or expertise, including an understanding and awareness of the actors, their motivation, methodologies, and tactics.
Awareness of the threat environment faced by a multi-national oil, gas and petrochemical corporation.
Experience in analyzing intrusion events in a large enterprise environment.
Other Requirements (e.g. Travel, Location)
Individual must be a self-starter with the ability to multi-task and work within a high performance team. Willingness to coach and mentor other team members.
Willingness to acquire in-depth knowledge of network and host security technologies and products (such as firewalls, Network IDS and scanners) and desire to continuously improve these skills.
Must have the ability to quickly learn, understand and utilize new technologies.
Strong written and verbal communication skills.
Hands on experience analyzing or reviewing events from firewalls, IDS, HIPS, Windows AD event logs, syslog, anti-virus, virtual machines, file integrity, and vulnerability scanners.
Knowledge of and experience with penetration testing technologies and methodologies.
Desirable criteria & qualifications
1-2 years of information security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, network and firewall administration.
Professional certifications such as CISSP, GCIH, GCIA and Security+.
BS in Computer Science preferred, but not required.
Our business is the exploration, production, refining, trading and distribution of energy. This is what we do, and we do it on a truly global scale. BP operates with business activities and customers in more than 80 countries across six continents. Every day, we serve millions of customers around the world. We are continually looking for talented, committed and ambitious people to help us shape the face of energy for the future.
BP is one of the three largest energy companies in the world, operating in over 100 countries across 6 continents. Information Technology & Services (IT&S), provides a full range of IT services to BP's global business segments.
IT&S plays a critical role in the delivery of defined world-class operational services that BP businesses can rely upon in support of their own performance. Our specific accountabilities include the delivery of services to specified target levels, including availability, recoverability and cost to the corporation. These services must also be delivered safely and secured against the growing risk of viruses and other security threats.
We aim to benchmark our performance favorably against a defined peer group of the world's best and intend to deliver our services with professionalism to rival any major business corporation in the world - this is what we mean by being 'World Class'. To achieve this exciting level of performance will require a commensurate level of enthusiasm, commitment and expertise in our people.
Corporate & Functions
23-Nov-2016
A little about us:
One of the world's leading international oil & gas companies, BP employs over 80,000 talented minds in 80 countries, fostering innovation & diversity.