Summary

We are looking for a dynamic, hands-on senior analyst who will be responsible for monitoring cyber risk and facilitating the remediation of identified vulnerabilities for IT systems across Lightsource bp. The ideal candidate will have extensive experience in cybersecurity, a strong understanding of threat landscapes, and the ability to mentor junior analysts. This role will leverage global resources and tools to develop business cyber maturity, with a strong focus on the Microsoft security stack.

Continually monitor the organization’s security systems and related infrastructure for signs of compromise Proactively make use of available toolsets such as Azure Sentinel, Defender XDR, Cisco Secure Access, Purview and Tenable to hunt for issues, using threat intelligence relevant to the organisation Assess new threats to the business, seeking to optimise existing technology to better counter the issues identified Identify vulnerabilities in our systems and applications, working alongside Infrastructure, Digital Workplace and Support teams to proactively patch and remediate in a timely manner Working via Cyber Security Managers, communicate to stakeholders around the business and provide timely updates during an investigation. Ensure all security events are investigated and documented to completion Support the development and enforcement of cloud security policies, standards and procedures. Ensure alignment with industry standards (e.g., NIST, CIS), regulations, and best practices.

Core Responsibilities

Threat detection, investigation and incident response Managing the core SecOps tooling platforms, ensuring they are correctly configured and maximizing security value from existing investments Understand the key risks the organisation faces, the key tactics techniques and procedures that likely threat actors will use and create mitigation options to overcome them. Designing, producing and maintaining high quality configuration documentation for all technologies in your area of responsibility Generate reports for both technical and non-technical staff and stakeholders Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues

Who we’re looking for

Knowledge

SIEM – Azure Sentinel, Defender XDR, Defender for Cloud, Defender for Cloud Apps, Defender EASM, Copilot for Security Vulnerability Management – Defender XDR, Tenable IO/Nessus, Defender EASM EDR – Defender for Endpoint, Defender for IoT and Crowdstrike SSE - Cisco Secure Access (Umbrella) Data Governance – Purview IDAM - Entra Device Management - working understanding of Intune including MDM/MAM Networking/Firewalls – exposure to Cisco FirePower and Cisco Meraki desirable Good understanding of ISO27001 and Cyber Essentials Plus requirements required Knowledge of NIST Cyber Security Framework required Knowledge of NERC CIP and/or SOCI standards desirable Knowledge of IEC 62443 OT standard desirable ITIL Knowledge - Good understanding of ITIL principles and their application required

Qualifications

Bachelor’s degree in Computer Science, Information Security, or a related field. Azure Security Engineer (AZ-500), Certified Cyber Professional (CCP), Certified Information Systems Security Professional (CISSP), CompTIA Security+, GCIA, GCIH

Experience

Extensive experience in managing and utilizing Azure Sentinel, Defender XDR, Defender for Cloud Apps and Defender for Cloud/EASM At least five years’ experience in security incident handling and security incident response Demonstratable experience of working in an Azure focused cloud environment. Proven experience of understanding and responding to cyber threats Expertise in information security technologies: Firewalls, intrusion detection, vulnerability assessment tools, logging solutions, gateway security products, end-point security products, authentication mechanisms, etc. Experience of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks. OT Cyber Security experience is desirable but not required Experience in stakeholder management and engagement to C-Suite level. Experience working for Critical National Infrastructure (CNI) Organisations

What challenges can you expect in this role?

Required to interface with multiple business areas Global focus with an expanding workforce, technology stack and small team of talented individuals geographically spread Continued convergence of IT and OT worlds, creating new challenges in security Growing requirement to understand different regulations worldwide and how they impact on cyber security demands.

Why you’ll make a great member of the team

Personal qualities

Enjoys being the subject matter expert (SME) and being proactive in pushing improvement opportunities, ability to interact with multiple functions and teams worldwide A genuine enthusiasm and passion for Cyber Security Ability to deal calmly with pressurized situations Enjoys the challenge of working for an exciting fast-paced organization that is truly global in scope Identifies with our core values

Why you’ll want to work for us

Our company is a place where you can be yourself and grow; a place where your ideas and opinions matter.

Be you

We pride ourselves on being an inclusive community, where every individual is valued and treated with respect.

Be responsible

Our culture is driven by our core values. From operating safely to ensuring our solar projects are responsible and promote biodiversity.

Be recognized

Alongside a competitive salary, we offer a variety of benefits including annual bonus, retention bank, health insurance, pension and other local benefits.

Be inspired

Beyond your day-to-day working life at Lightsource bp, there’s a variety of initiatives that will contribute to your own personal development. Initiatives to get involved with including our charitable causes, supporting our solar honey project or our net-zero by 2025 campaign.

Our Core Values

Lightsource bp truly cares about creating a sustainable future through safe, responsible and meaningful low carbon energy projects. Our core values of Safety, Integrity, Respect, Sustainability and Drive are the guiding principles for everything we do.