Cyber Threat Prevention Advisor

**What’s the role**

As a Cyber Threat Prevention Advisor in the CyberDefence SecOps team, you'll join the Vulnerability team to manage and oversee vulnerability processes, ensuring they are trackable and measurable with robust tool support. Your team will lead the implementation of these processes within ServiceNow Security Operations (SecOps), establishing standard workflows and integrating them with IT service management processes executed by Line of Defence 1 within IRM. This role leverages market-standard tools and practices to streamline the architecture by reducing dependency on Collective.

**What you’ll be doing**

Asset Discovery:

- Set-up and lead adequate discovery of new Shell IT assets in Shell's legacy IT network, RES & Portfolio companies, Cloud environments and PCD and Retail environments.
- Ensure visibility in new areas such as Internet of Things and Cloud and investigate possibilities to keep track of IT assets.

Automated Vulnerability Scanning:

- Maintain a portfolio of tools for automated vulnerability scanning with a focus on Business-Critical systems and systems that are available from the public Internet.
- Set-up regular scanning and make results available for further analytics in IRM investigation platform.
- Take appropriate action on vulnerabilities where required.

Security Posture Reporting:

- Use the results from asset discovery, vulnerability scanning, penetration testing and attack simulation to provide an overview of vulnerabilities in Shell IT landscapes for different stakeholders including IRM LT and IDSO LT.
- Take mitigating actions coming out of identified threats or vulnerabilities either directly by the team or agree the actions with other parties in Shell.

**What you bring**
- Bachelor’s degree in Computer Science, Information Technology, or related field
- 5-8 years of total experience in IT Security including at least 3-4 years of experience in Vulnerability Assessment
- Proficient in analysing network traffic using tools such as tcpdump or wireshark
- Strong experience in using open-source scanning tools such as nmap, nessus, metasploit and/or commercial tools such as Rapid7 or Qualys
- Knowledge in integrating Vulnerability Management into modern CI/CD Pipelines with 'shift-left' strategy
- Understanding of Network Security, Cloud Security, Endpoint Security, Application Security
- Understanding Cyber Threat Landscape and analyzing Threats from various sources. Assess new threats, rate threat per Shell ratings and collaborate with Threat team on new threat criticality
- Understanding of CVE id / CVSS score and metrics
- Lead security research proposals and Proof Of Concepts for Emerging Technologies and assessing Fit-For-Purpose Tools.
- Understanding of Cloud Security Posture Management (CSPM)
- Expertise in operating Application security tools like Rapid7 Appspider, Netsparker
- Knowledge on CI/CD pipeline able to understand the integration of security tools and guide the developers
- Understanding of Application security design and providing guidance to developers on secure design. Good understating of SAST/DAST concepts and process
- Knowledge of Mobile DAST scanning and vulnerabilities and remediation consultation
- Knowledge of Splunk, SecOps VR, basic querying and creating dashboards

Additional Skills (Good to have):

- PCI-DSS Compliance Scan.
- SecOps VR Module in ServiceNow.
- Linux environment experience.
- Azure/AWS Cloud Console.
- Wiz.io tool knowledge.
- Advanced Splunk skills.

**What we offer**

You bring your skills and experience to Shell and in return you work with talented, committed people on one of the most important challenges facing our planet. You’ll have the opportunity to develop the skills you need to grow in an environment where we value honesty, integrity, and respect for one another. You’ll be able to balance your priorities as you become the best version of yourself.
- Progress as a person as we work on the energy transition together.
- Continuously grow the transferable skills you need to get ahead.
- Work at the forefront of technology, trends, and practices.
- Collaborate with experienced colleagues with unique expertise.
- Achieve your balance in a values-led culture that encourages you to be the best version of yourself.
- Benefit from flexible working hours, and the possibility of remote/mobile working.
- Perform at your best with a competitive starting salary and annual performance related salary increase - our pay and benefits packages are considered to be among the best in the world.
- Take advantage of paid parental leave, including for non-birthing parents.
- Join an organisation working to become one of the most diverse and inclusive in the world. We strongly encourage applicants of all genders, ages, ethnicities, cultures, abilities, sexual orientation, and life experiences to apply.
- Grow as you progress through diverse career opportunities in national and
- international teams.
- Gain access to a wide range