Senior Cyber Security Analyst

Job Title: Senior Cyber Security Analyst

Department:   Technology & Operations | IT | Cybersecurity

Reporting to: Cyber Security Lead

Location: London

About Lightsource bp

Lightsource bp is a global leader in the development and management of solar energy projects. We are a 50:50 joint venture with bp with a mission to help drive the world’s transition to low carbon energy.

With solar set to increase tenfold in the next 20 years, we are well-positioned to capitalize on this growth. By joining the Lightsource bp team, you will ‘be the change’ on the world’s energy transition to a more sustainable future.

We pride ourselves on our entrepreneurial spirit as we continue to push the boundaries of an ever-changing energy landscape. By choosing a career with us, you can expect a challenging and fulfilling role surrounded by people who are passionate and have brilliant ideas about sustainable technology, innovation and making the world a better place.

What You’ll do (the role)

Summary

We are looking for a dynamic, hands-on senior analyst who will be responsible for monitoring cyber risk and facilitating the remediation of identified vulnerabilities for IT systems across Lightsource bp. The ideal candidate will have extensive experience in cybersecurity, a strong understanding of threat landscapes, and the ability to mentor junior analysts. This role will leverage global resources and tools to develop business cyber maturity, with a strong focus on the Microsoft security stack.

• Continually monitor the organization’s security systems and related infrastructure for signs of compromise
• Proactively make use of available toolsets such as Azure Sentinel, Defender XDR, Cisco Secure Access, Purview and Tenable to hunt for issues, using threat intelligence relevant to the organisation
• Assess new threats to the business, seeking to optimise existing technology to better counter the issues identified
• Identify vulnerabilities in our systems and applications, working alongside Infrastructure, Digital Workplace and Support teams to proactively patch and remediate in a timely manner
• Working via Cyber Security Managers, communicate to stakeholders around the business and provide timely updates during an investigation.
• Ensure all security events are investigated and documented to completion
• Support the development and enforcement of cloud security policies, standards and procedures. Ensure alignment with industry standards (e.g., NIST, CIS), regulations, and best practices.

Core Responsibilities

• Threat detection, investigation and incident response
• Managing the core SecOps tooling platforms, ensuring they are correctly configured and maximizing security value from existing investments
• Understand the key risks the organisation faces, the key tactics techniques and procedures that likely threat actors will use and create mitigation options to overcome them.
• Designing, producing and maintaining high quality configuration documentation for all technologies in your area of responsibility
• Generate reports for both technical and non-technical staff and stakeholders
• Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues

Who we’re looking for

Knowledge

• SIEM – Azure Sentinel, Defender XDR, Defender for Cloud, Defender for Cloud Apps, Defender EASM, Copilot for Security
• Vulnerability Management – Defender XDR, Tenable IO/Nessus, Defender EASM
• EDR – Defender for Endpoint, Defender for IoT and Crowdstrike
• SSE - Cisco Secure Access (Umbrella)
• Data Governance – Purview
• IDAM - Entra
• Device Management - working understanding of Intune including MDM/MAM
• Networking/Firewalls – exposure to Cisco FirePower and Cisco Meraki desirable
• Good understanding of ISO27001 and Cyber Essentials Plus requirements required
• Knowledge of NIST Cyber Security Framework required
• Knowledge of NERC CIP and/or SOCI standards desirable
• Knowledge of IEC 62443 OT standard desirable
• ITIL Knowledge - Good understanding of ITIL principles and their application required

Qualifications

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Azure Security Engineer (AZ-500), Certified Cyber Professional (CCP), Certified Information Systems Security Professional (CISSP), CompTIA Security+, GCIA, GCIH

Experience

• Extensive experience in managing and utilizing Azure Sentinel, Defender XDR, Defender for Cloud Apps and Defender for Cloud/EASM
• At least five years’ experience in security incident handling and security incident response
• Demonstratable experience of working in an Azure focused cloud environment.
• Proven experience of understanding and responding to cyber threats
• Expertise in information security technologies: Firewalls, intrusion detection, vulnerability assessment tools, logging solutions, gateway security products, end-point security products, authentication mechanisms, etc.
• Experience of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks.
• OT Cyber Security experience is desirable but not required
• Experience in stakeholder management and engagement to C-Suite level.
• Experience working for Critical National Infrastructure (CNI) Organisations

What challenges can you expect in this role?

• Required to interface with multiple business areas
• Global focus with an expanding workforce, technology stack and small team of talented individuals geographically spread
• Continued convergence of IT and OT worlds, creating new challenges in security
• Growing requirement to understand different regulations worldwide and how they impact on cyber security demands.

Why you’ll make a great member of the team

Personal qualities

• Enjoys being the subject matter expert (SME) and being proactive in pushing improvement opportunities, ability to interact with multiple functions and teams worldwide
• A genuine enthusiasm and passion for Cyber Security
• Ability to deal calmly with pressurized situations
• Enjoys the challenge of working for an exciting fast-paced organization that is truly global in scope
• Identifies with our core values

Why you’ll want to work for us

Our company is a place where you can be yourself and grow; a place where your ideas and opinions matter.

Be you

We pride ourselves on being an inclusive community, where every individual is valued and treated with respect.

Be responsible

Our culture is driven by our core values. From operating safely to ensuring our solar projects are responsible and promote biodiversity. 

Be recognized

Alongside a competitive salary, we offer a variety of benefits including annual bonus, retention bank, health insurance, pension and other local benefits.

Be inspired

Beyond your day-to-day working life at Lightsource bp, there’s a variety of initiatives that will contribute to your own personal development. Initiatives to get involved with including our charitable causes, supporting our solar honey project or our net-zero by 2025 campaign.

Our Core Values

Lightsource bp truly cares about creating a sustainable future through safe, responsible and meaningful low carbon energy projects. Our core values of Safety, Integrity, Respect, Sustainability and Drive are the guiding principles for everything we do. 

https://www.lightsourcebp.com/careers/