Information security engineering lead

This team leads the response and management of cyber security using an intelligence-led approach for identification, mitigation, and rapid response to safeguard BP on a global scale. By applying lessons learned and data analytics, they establish engineering principles and enhance the technology stack to continuously bolster BP's cybersecurity posture.

We are looking for an Information Security Engineering Lead (Application and Offensive Security) who will lead a team managing large security data sets, developing data-driven solutions and insights, and building data integration solutions and digital automation. Our digital solutions are primarily built in the cloud using Azure and AWS, enabling quick adaptation, showcasing the latest technology, and scaling solutions globally.

You will advocate for application development, platform development, and infrastructure teams to adhere to secure design and development practices (e.g., threat modeling, technical design review, resilience testing, monitoring alerting, code review, and documentation). Additionally, you will contribute to standard processes shaping BP's security agenda and fostering a culture of excellence.

1. Provide advanced technical expertise to support information security and risk activities, designing and developing security solutions across BP's digital environments in line with current policies.
2. Support investigations and incident response processes, ensuring consistent responses to cyber threats.
3. Implement and apply relevant operating processes and procedures, ensuring compliance with standards.
4. Evolve the security roadmap to meet future requirements.
5. Create and communicate strategies for embedding and measuring security throughout the software and platform development lifecycle.
6. Develop and maintain customer relationships, delivering technical knowledge to support project delivery, collaboratively addressing challenges, and ensuring security solutions effectively protect BP against cyber risks.
7. Build awareness of technological developments, manage process and system improvements, and share best practices across the team.
8. Sponsor and mentor emerging talent, promote a culture of continuous development, and provide informal mentoring and training to junior team members.

1. 7-10+ years of leadership experience in growing and developing a security/software engineering team of 10-30 members.
2. Deep experience designing, planning, maintaining, and documenting reliable and scalable data infrastructure and cloud data products in complex environments.
3. Strong understanding of information and cybersecurity principles and methodologies.
4. Professional security certifications such as CISSP, CISM, CEH, OSCP, or equivalents are advantageous.
5. Technical leadership experience overseeing all aspects of projects.
6. Proficiency in object-oriented programming languages (Python, Scala, Java, C#) and cloud environments (AWS, Azure, Alibaba, etc.).
7. Hands-on experience across all data lifecycle stages and security technologies like SIEM, IPS/IDS, MFA, EDR, SOAR, firewalls, vulnerability scanners.
8. Knowledge of security frameworks such as CIS CSC, NIST CSF, ISO 27001, and operational proficiency with industry laws and regulations like PCI-DSS, GDPR, CCPA, SOX.
9. Strong collaboration and leadership skills, with the ability to influence both managerially and technically.
10. Commitment to continuous learning and improvement.