Shell Senior Security Incident Analyst - Houston, TX in Houston, Texas

Auto req ID 53691BR

Job Title Senior Security Incident Analyst - Houston, TX

Country of Work Location United States

City, State (if applicable) Houston, Texas

Work Location Houston - One Shell Plaza

Company Description Shell is a global group of energy and petrochemicals companies with over 90,000 employees in more than 70 countries and territories. In the US, we have operated for over a century and are a major oil and gas producer onshore and in the Gulf of Mexico, a recognized innovator in exploration and production technology, and a leading manufacturer and marketer of fuels, natural gas and petrochemicals. We deliver energy responsibly; operate safely with respect to our neighbours and work to minimize our environmental impact. We are in search of remarkable people who will thrive in a diverse and inclusive work environment to deliver exciting projects locally and globally. People who are passionate about exploring new frontiers. Innovators and pioneers. People with the drive to help shape our future. Because remarkable people achieve remarkable things.

Job Description

As businesses leverage digitalization opportunities, their cyber-attack surface structurally increases, which can lead to business disruptions, data breaches and brand damage. High profile industry incidents show that these risks are real, and this has turned cyber resilience into a topic for Boards.

As part of the Information Risk Management (IRM) function in Shell, the CyberDefence capability has specific focus on identifying cyber threats, discovery of IT vulnerabilities, monitoring for cyber intrusions and response to security incidents. Shell Cyberdefence is responsible for defending Shell against advanced Cyber attacks through monitoring for advanced Cyber threats, discovery of vulnerabilities and investigating global Cyber incidents. This organization is part of the Shell ITSO Information Risk Management (IRM) function.

The Senior Incident Analyst supports Cyberdefence by performing incident response and investigations into Cyber security incidents.

As part of the CyberDefence capability the global Incident Response team has the following main area of focus:

• To respond to security incidents performing detailed investigation and limiting Business impact as much as possible.

As an Incident Analyst you are responsible for executing the Shell IRM Incident Management process:

• Operate and improve Shell Incident Response processes

• Perform investigations and execute response activities on potential (major) IRM breaches.

• Provide triage, data acquisition and advice on all incidents to rapidly diagnose problems and identify immediate treatment.

• Develop and mature use of tools to support incident investigations, harvesting and analysis.

• Drive process improvements in incidents and forensics across all supplier teams.

• Develop less experienced incident managers.

• Identify process improvements and help implement them.

• Report on incidents to the IRM function.

Execute the Shell IRM Incident Management process

• Serve as Lead Incident manager working with a team of business stakeholders, Incident Response/forensic staff to rapidly and effectively resolve information security incidents.

• Investigate and find root causes of incidents and document the lessons learned.

• Perform IT forensics (network and/or host based) in order to determine root causes of IRM breaches.

• Track and report status and drive rapid resolution of incidents and situations involving IRM controls.

• Liaise with authorities and support investigation and prosecutions where relevant.

• Support the Incident Lead in providing timely updates to direct leadership and senior leaders. Additional duties will include continuous testing processes including development and execution of enterprise tabletop and wargame exercises (Red Button), process optimization and routine case work support.

• Ensure security incident registration and provide overviews and reporting on security incidents for stakeholders in Information Risk Management, IT and various Audit Committees.

• Act as a Senior Subject Matter Expert on incident response processes, tools and approaches to the wider team.

• Provide training, guidance and knowledge sharing to more junior Incident Analysts on key topics related to incident response.

• Identify learnings from incidents that can be included in security monitoring, identification, analysis, mitigation, post-incident activity and continuous improvement of the Information Risk incident management process.

• Participate in and/or drive projects in the CyberDefence space that are related to incident management.

Common Tool Support

• Maintain and support the toolset used for all cross-process IRM activities.

• Help develop and deploy new IRM tools in ITSO

• Support proof of concept deployments and document results

As the Senior Incident Analyst you will take the lead in the major incident response activities and support the Incident Lead in planning activities.

The Senior Incident Analyst is part of an on-call procedure to enable 24/7 response capabilities.


  • Must have legal authorization to work in the US on a full-time basis for anyone other than current employer.

  • Minimum ten (10) years’ experience in Information Security areas such as Risk management, Incident Response, penetration testing.

  • Demonstrable experience performing incident response and IT forensic investigations.

  • Incident Management and IT forensics skills, with the ability to communicate effectively at all levels of the Organisation.

  • Experience in IT investigations and forensic processes.

  • Proven ability to work in teams on large scale investigations.

  • Sound understanding of IT infrastructure and management processes.

  • Demonstrated evidence of Enterprise First values and behaviours.

  • Has relevant certifications such as CISSP, SANS and preferably:

  • GCIH: GIAC Certified Incident Handler

  • GCIA: GIAC Certified Intrusion Analyst

  • GCFA: GIAC Certified Forensic Analyst

  • GREM: GIAC Reverse Engineering Malware

  • Offensive Security Certified Professional – OSCP Certification

  • Offensive Security Wireless Professional – OSWP Certification

  • Offensive Security Certified Expert – OSCE Certification

  • Offensive Security Exploitation Expert – OSEE Certification

  • Offensive Security Web Expert – OSWE Certification

  • Knowledgeable, creative and responsible IT security professional.

  • Proven analytical skills and appreciates a technical challenge.

  • Proven technical understanding of and experience with IT networks, infrastructure and applications.

  • Produces high quality deliverables in terms of both content and presentation. Examples of deliverables include: reports, presentations and reasoned arguments.

  • Develops and maintains knowledge of Cyber security and maintains an awareness of current developments.

  • Promotes transfer of knowledge and awareness of information security to those in related areas.

No. of Positions 1


Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date.

Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Royal Dutch/Shell Group companies around the world.

The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand.

Shell/Motiva participates in E-Verify.

All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, age, religion, disability, sexual orientation, gender identity, protected veteran status, citizenship, genetic information or other protected status under federal, state or local laws.

Shell is an Equal Opportunity Employer - Minorities/Females/Veterans/Disability.

Removal Date 27-Aug-2017