Senior OT Cybersecurity Engineer

Chevron’s strategy is straight-forward: be a leader in efficient and lower carbon production of traditional energy, in high demand today and for decades to come, while growing lower carbon businesses that will be a bigger part of the future. To achieve these goals, we’ll build on the assets, experience, capabilities, and relationships we’ve developed over 140 years to incubate and grow new business. 

Technology will play a crucial role in unlocking ever cleaner and more affordable sources of energy. Chevron is seeking innovative, technology professionals with a desire to thrive in the global digital environment and help us lead the global energy transition. An IT career at Chevron offers you the opportunity to work in a technical environment with a global reach. You’ll find that we make a business of investing in our people and encouraging your professional development through a learning culture and challenging on-the-job opportunities. We differentiate ourselves through the application of cutting-edge technology, and by taking a collaborative approach that includes in-house expertise, proprietary solutions, and strategic partnerships. We also offer flexible work schedules and very competitive benefits. 

Join Chevron IT. Lend us your skills and enjoy a great career with Chevron.  

The OT Cyber Engineering and Innovation team is responsible for the strategic direction OT/ICS cybersecurity in Chevron. OT Cybersecurity Engineers support activities such as secure-by-design, standardized network architectures, and the secure implementation of OT/ICS digital technologies across Chevron.

OT Cyber Engineers are cybersecurity influencers functioning at the Chevron Enterprise level, reaching broadly across all platforms, all IT Foundational Platform product lines, select Digital Platforms, and OT/ICS Business Unit teams. These engineers have a grasp of business breadth, along with technical depth to help stakeholders make quality cybersecurity investment decisions.

This role positively impacts global security practices, in various operating assets and environments, delivering on the Chevron cybersecurity integrated risk management strategy.

The Role

• Contribute to developing strategic OT/ICS Cybersecurity initiatives, technology projects and security programs across the Chevron Enterprise globally

• Contribute to the design and review of secure ICS/OT network architectures and data flows including communication between applications, ports, protocols, and services

• Contribute to the creation of OT/ICS cybersecurity guardrails to ensure all OT architectures, solutions and technologies across the Chevron enterprise are built using a secure-by-design methodology

• Set cybersecurity expectations with governance boards, responsible for decision authority on policies, architecture, internal standards, guardrails, and initiatives for OT Cybersecurity

• Utilize industry standards and frameworks (e.g., NIST-800-53/82, ISA/IEC-62443, MITRE ATT&CK / D3FEND), to identify capabilities and technologies to provide enhanced cyber defenses in diverse scenarios

• Develop OT security research project proposals for consideration by external energy industry organizations or internal research portfolios. Research, test, and/or lead proof-of-concepts for new and emerging OT technologies

• Lead cybersecurity risk assessments for Chevron’s Business Unit ICS/PCN designs/installations and/or emerging technology OT solutions to determine criticality rankings and risk gaps

• Lead OT cybersecurity assessments including detailed design reviews, system and component descriptions, identification and selection of evaluation criteria, network topology reviews, mapping of data flows to ports, protocols, and services tables

• Safely support vulnerability scanning of OT/ICS including the qualified use of common scanning technologies and practices of new technologies

• Provide recommendations and plans to mitigate identified issues from OT/ICS cybersecurity and risk assessments, ICS Vulnerability assessments, and OT Pen tests

• Lead or participate in industry standard committees, customer advisory councils, and/or technology joint industry projects (JIPs) for OT/ICS environments

• Influence stakeholders at an enterprise level on OT Cyber initiatives.

• Provide subject matter leadership in cybersecurity infrastructure during cyber incidents, response, and remediation.

• Take a technical leadership role in the internal OT Cybersecurity Guild, for knowledge transfer and mentoring, and actively participate, contribute, and present to other OT/ICS Cybersecurity forums/conferences (both internal and external).

• Some travel (up to 20%) may be required.

As a Senior OT Cybersecurity Engineer you will:

• Lead OT cybersecurity, and secure by design assessments including detailed design reviews, system and component descriptions, identification and selection of evaluation criteria, network topology reviews, mapping of data flows to ports, protocols, and services tables 

• Contribute to the creation of OT/ICS cybersecurity guardrails to ensure all OT architectures, solutions and technologies across the Chevron enterprise are built using a secure-by-design methodology

• Contribute to the design and review of secure ICS/OT network architectures and data flows including communication between applications, ports, protocols, and services

• Lead cybersecurity risk assessments for Chevron’s Business Unit ICS/PCN designs/installations and/or emerging technology OT solutions to determine criticality rankings and risk gaps

• Safely support vulnerability scanning of OT/ICS including the qualified use of common scanning technologies and practices of new technologies

• Provide recommendations and plans to mitigate identified issues from OT/ICS cybersecurity and risk assessments, ICS Vulnerability assessments, and OT Pen tests

• Influence stakeholders at an enterprise level on OT Cyber initiatives. 

• Provide subject matter leadership in cybersecurity infrastructure during cyber incidents, response, and remediation.  

Requirements

Experience

• Minimum 5 years related work experience in Operational Technology/Industrial Controls Systems Cybersecurity field with increasing levels of responsibility.  

• “Hands-On” experience with OT/ICS critical infrastructure in energy or similar industries preferred.

• Experience in utilizing frameworks and standards such as NIST SP 800-53/82 and IEC-62443 in an ICS environment  

• Experience in conducting and/or leading cybersecurity assessments (risk, vulnerability) and creating a detailed mitigation plan and recommendations to address gaps identified

• Experience in performing OT/ICS vulnerability scans, passively and actively with technologies such as Tenable Nessus or NMAP scanning tools. 

• Experience with selecting, designing, architecting, and deploying security technologies to an OT/ICS environment 

• Demonstrated OT Cybersecurity project experience including leading the development of security architectures (programs) and secure network architectures (systems).

Skills

• Demonstrated understanding of OT/ICS critical infrastructure in energy or similar industries including and understanding of threats, vulnerabilities, attack paths and exploits in an OT/ICS environment.

• Proficiency in OT/ICS network design and building network architecture drawings.

• Demonstrated ability to influence others, work effectively, and communicate effectively at all levels with operations, design, projects, vendors, peers, etc. 

• Demonstrated ability to provide leadership behaviors across enterprise through rigorous change management and compliance processes, while driving efficiencies. 

• Knowledge of techniques and tools that promote effective analysis and the ability to determine root cause and resolution of problem.

• Communicates in a clear, concise, understandable manner both orally and in writing.

• Hands on use of cybersecurity technologies such as network mapping and vulnerability scanning in OT/ICS environments preferred, but not required.

• Familiarity with Cloud and OT/ICS integration is preferred, but not required.

Education

• Bachelor’s degree or master’s degree in information technology, Computer Science, Engineering, or related STEM field is preferred, but not required.

• Cybersecurity certification such as the CISSP, CISA, GICSP, or ISA Secure, is preferred, but not required.

Flexible Working

Chevron offers a complete package and provides career development opportunities to all employees. We do this through on-boarding, training and development, mentoring, volunteering opportunities and employee networking groups. We advocate work-life balance and offer employees access to various health and wellness programs.

 What type of flex work does the position offer?

• ☒  We offer alternative work schedules including 9/80 (work 9-hour days, with every other Friday off)

• ☒  We offer a hybrid work model - work remotely from home 2-3 days a week

Relocation & International Considerations

• Relocation [☒  will not be] considered.

• Expatriate assignments [  ☐  may / will not be  ☒  ] considered.

Chevron regrets that it is unable to sponsor employment Visas or consider individuals on time-limited Visa status for this position.

Working with us

Chevron is one of the world’s leading integrated energy companies. We believe affordable, reliable and ever-cleaner energy is essential to achieving a more prosperous and sustainable world. Chevron produces crude oil and natural gas; manufactures transportation fuels, lubricants, petrochemicals and additives; and develops technologies that enhance our business and the industry. We are focused on lowering the carbon intensity in our operations and seeking to grow lower carbon businesses along with our traditional business lines. More information about Chevron is available at www.chevron.com.

Benefits

Chevron offers competitive compensation and benefits programs which includes, but is not limited to, variable pay, healthcare coverage, retirement plan, insurance, time off programs, training and development opportunities and a range of allowances connected to specific work situations. Details of such benefits and allowances are available at https://hr2.chevron.com/.

The compensation and reference to benefits for this role is listed on this posting in compliance with Colorado law. The selected candidate’s salary will be determined based on his or her skills, experience, and qualifications.