Industrial Control Systems (ICS) Security Specialist
- Houston, Texas, United States
About
Entity:
Technology
Job Description:
About us
Our purpose is to bring together people, energy and markets to power and navigate a changing world. In a time of constant change and possibility we need new talent to pursue commercial opportunities, fueled by world-class insight and expertise. We’re always striving for more innovative digital solutions, sustainable outcomes and closer collaboration across our company and beyond, and you could be part of that too. Together we continue to grow as the world’s leading energy company!
Role Overview
The Industrial Control Systems (ICS) Security Specialist is a hands‑on security specialist within the global Process Control Network (PCN) centralized security service. The role focuses on the deployment, operation, monitoring, and continuous improvement of Intrusion Detection Systems (IDS) and supporting security controls across industrial and operational technology (OT) environments.
The analyst works closely with Digital Security (DS) leaders, the Security Operations Center (SOC), and regional PCN teams to support effective monitoring, threat detection, incident response, and service reliability.
Key Responsibilities
IDS Operations & Security Monitoring
- Deploy, operate, and maintain IDS solutions within PCN / OT environments, including Microsoft‑based IDS technologies.
- Monitor IDS alerts and security telemetry, using Azure‑based reporting and analytics platforms such as Azure Data Explorer (ADX).
- Tune and optimize IDS use cases to improve detection accuracy and reduce false positives.
- Monitor network traffic patterns and security events to identify potential threats and anomalous behavior.
Threat Hunting & Incident Response
- Perform operational threat hunting activities across PCN environments.
- Investigate detected security events to determine severity, impact, and required response.
- Support incident response and investigation activities in collaboration with the SOC, including post‑incident analysis.
- Execute incident response and notification activities in alignment with the Global BP Digital security incident management process.
Security Analysis & Tooling
- Analyze security events using enterprise tools, including firewalls, Windows Active Directory event logs, syslog, antivirus platforms, file integrity monitoring, vulnerability scanners, and IDS tooling.
- Perform detailed traffic analysis, configuration review, and event correlation to support accurate issue identification and root cause analysis.
- Support evaluation and adoption of new or enhanced Microsoft security capabilities for PCN use cases.
Operational Improvement & Automation
- Contribute to tool integration, scripting, and DevSecOps‑oriented automation (including API‑based solutions where applicable).
- Develop and maintain operational procedures, runbooks, and documentation for IDS and security services.
- Support automation of routine tasks such as reporting, data collection, and operational health checks to improve efficiency and analytical focus.
- Suggest and contribute to improvements in monitoring content and security use cases in collaboration with senior team members.
Collaboration & Stakeholder Engagement
- Work closely with Digital Security (DS) leaders across global PCN environments to support investigations and site‑specific security needs.
- Collaborate with OT, PCN, IT security teams, vendors, and the SOC to support secure and reliable operations.
- Participate in cross‑regional coordination, shift handovers, and follow‑the‑sun operational support.
- Contribute to structured knowledge sharing and ongoing enablement of regional teams.
Skills & Capabilities
- Hands‑on experience supporting cybersecurity controls within PCN, OT, or ICS environments
- Practical knowledge of IDS technologies in industrial networks (Microsoft IDS preferred)
- Experience with Microsoft security technologies and Azure security services
- Azure Data Explorer (ADX) for log ingestion, querying, and analytics
- Working knowledge of Kusto Query Language (KQL) for log analysis and threat hunting (preferred)
- Experience supporting SOC workflows and incident handling processes
- Understanding of OT / PCN constraints, including safety, availability, and reliability requirements
- Strong collaboration, documentation, and technical communication skills
Behavioral Expectations
- Demonstrates strong collaboration with technical and non‑technical stakeholders across regions
- Operates with professionalism and integrity in line with company policies and Code of Conduct
- Proactively identifies opportunities to improve monitoring, detection, and operational efficiency
- Takes ownership of assigned activities and delivers reliably within defined processes
Why join bp:
At bp, we support our people to learn and grow in a diverse and challenging environment. We believe that our team is strengthened by diversity. We are committed to encouraging an inclusive environment in which everyone is respected and treated fairly.
There are many aspects of our employees’ lives that are meaningful, so we offer benefits to enable your work to fit with your life. These benefits can include flexible working options, a generous paid parental leave policy, and excellent retirement benefits, among others!
Legal Disclaimer:
We are an equal opportunity employer. We do not discriminate on the basis of protected characteristics like race, religion, color, sex, national origin, sexual orientation, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.
If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.
Language skills
- English