The Red Team Analyst is charged with providing assurance by reducing the uncertainty regarding cyber detection and defense capabilities using adversarial cyber-attack and exploitation techniques. The Red Team Analyst will plan and execute engagements that test specified threat scenarios against BP’s businesses and/or internal security systems. This will involve the emulation of threat actors to discover security weaknesses in people, processes and technology. The analyst’s secondary tasks will also include utilizing technical expertise (up to and including system forensics) during cyber-related investigations. This mission is critical to the protection of BP assets, our customers, the brand and shareholder value.
Engage relevant stakeholders to develop Red Team proposals, establish execution plans, and prioritize engagement using a risk-based approach
Execute testing utilizing the latest tactics, techniques and procedures of advanced adversaries
Develop final report and presentations to debrief Information Security Officers, decision makers and various business stakeholders
The role is further responsible for conducting and measuring cyber readiness and defense capability testing
Support incident investigations with forensic analysis
Certifications, Qualifications & Experience:
Formal education and degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same.
Well versed in system exploits (e.g. host-based controls bypass), network exploitation (e.g. scanning, evasion, MiTM, etc.), Wi-Fi hacking, mobile platform and application hacking (e.g. Android or iOS) or web application exploitation (SQL Injection, RFI, XSS, logic flaws, etc.)
Proven experience of vulnerability assessments or penetration testing.
Proven experience in simulating advanced cyber threats including post-compromise IOCs
Excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholder groups
Experience in a liaison role, working with customers and third parties
Experience in supporting fast-paced operations and working in ambiguous situations
Essential Skills: Strong experience in information systems/security including but not limited to:
Common application frameworks
Operating systems (Windows, Unix, Linux), databases
Experience with cloud services
Strong understanding of the Cyber Kill Chain as a workflow
Strong understanding of web technologies, e.g. HTTP, HTML, CSS, forms, database connectivity
Full grasp and ability to articulate the “OWASP Top 10” and related concepts
Programming and/or scripting in multiple languages: Python, Java, PHP, Ruby, Perl, Bash, or similar languages is a plus
Membership of a technical or professional body that has confirmed an individual has reached a level of capability within a technical or professional field, or formal certification (e.g. CISSP, C|EH, GWAPT, GIAC, OSCP)
Job Title: Cyber Emergency Response Team – Red Team Analyst