Lead OT Cybersecurity Engineer

Total Number of Openings

About the position:

The OT (Operational Technology) Cybersecurity Engineering and Innovation team is responsible for the strategic and technical direction of OT/IACS (Industrial Automated Control Systems) cybersecurity in Chevron. OT Cybersecurity Engineers support activities such as secure-by-design standardized solution and network architectures and the secure implementation of OT/IACS digital technologies across Lead OT Cyber Engineers are cybersecurity influencers functioning at the Chevron Enterprise level reaching broadly across multiple IT Foundational Platform product lines select Digital Platforms and OT/IACS Business Unit. These engineers have a grasp of business breadth along with technical depth to help stakeholders make quality cybersecurity investment decisions. This role positively impacts global cybersecurity practices in various operating assets and environments delivering on the Chevron cybersecurity integrated risk management strategy.

Key responsibilities:

Contribute to OT/IACS Cybersecurity initiatives technology projects and security programs for one or more digital platform
Contribute to the design and review of secure IACS/OT network architectures and data flows including communication between applications ports protocols and services
Contribute to the creation of OT/IACS cybersecurity guardrails and IT engineering standards to ensure OT architectures solutions and technologies across the Chevron enterprise are built using a secure-by-design methodology
Utilize industry standards and frameworks (e.g. NIST-800-53/82 IEC-62443 MITRE ATT&CK / D3FEND) to identify capabilities and technologies to provide enhanced cyber defenses in diverse scenarios
Participate in OT cybersecurity research projects. Research test and/or lead proof-of-concepts for new and emerging OT technologies
Lead or participate in cybersecurity assessments (risk vulnerability) for Chevrons Business Unit IACS designs/installations and/or emerging technology OT solutions to determine criticality rankings and risk gaps
Take an active role in the internal OT Cybersecurity Guild for knowledge transfer and mentoring and actively participate contribute and present at OT/IACS Cybersecurity forums
Some travel (up to 20%) may be required.

Required Qualifications:

1. Preferred Required education / degrees
Bachelors degree or masters degree in Information Technology Computer Science Engineering or related STEM field is preferred but not required.

2. Preferred qualifications / certifications
Certifications in Industrial Control Systems Cybersecurity or in IT Cybersecurity are highly preferred (e.g. GISCP GCIP CISSP or other similar certification)
Vendor-specific training on Operational Technology IACS equipment manufacturers and internal network systems are highly preferred.
Certifications in SAFe Scaled Agile or related scrum/agile project management framework is desirable.

3. Required work experience
Minimum 5 years related work experience in Operational Technology/Industrial Controls Systems Cybersecurity field with increasing levels of responsibility.
Hands-On experience with OT/IACS critical infrastructure in energy or similar industries preferred.

Preferred Qualifications:

4. Other preferred skills / competencies
Experience in utilizing frameworks and standards such as NIST-800-53/82 and IEC-62443 in an IACS environment
Experience with Industrial Internet of Things (IIoT) optimization Big data analytics OT integration and/or SCADA from the Cloud is preferred.
Experience in conducting and/or leading cybersecurity assessments (risk vulnerability) and creating a detailed mitigation plan and recommendations to address gaps identified
Demonstrated OT Cybersecurity project experience including leading the development of security architectures (programs) and secure network architectures (systems).
Experience in performing OT/IACS vulnerability scans passively and actively with technologies such as Tenable Nessus or NMAP scanning tools.
Understanding of threats vulnerabilities attack paths and exploits in an OT/IACS environment
Experience with selecting designing architecting and deploying security technologies to an OT/IACS environment
Ability to influence and motivate teams and work with a variety of disciplines cultures and environments.
Demonstrated ability to work effectively and communicate effectively at all levels with operations design projects vendors peers etc.
Demonstrated ability to provide leadership behaviors across enterprise through rigorous change management and compliance processes while driving efficiencies.
Knowledge of techniques and tools that promote effective analysis and the ability to determine root cause and resolution of problems.
Communicates in a clear concise understandable manner both orally and in writing.

Chevron ENGINE supports global operations supporting business requirements across the world. Accordingly the work hours for employees will be aligned to support business requirements. The standard work week will be Monday to Friday. Working hours are 8:00am to 5:00pm or 1.30pm to 10.30pm.

Chevron participates in E-Verify in certain locations as required by law.