The Senior IT Cybersecurity Engineer is responsible for the technical design of IT cybersecurity architectural guidelines and standards, as well as the secure implementation of IT digital technologies across platforms and product lines in Chevron. The primary responsibility is to assure IT solutions are secure by design, and continuously improving our defenses as threats and technologies change. The expectation for this role is 5-10 years of relevant experience.
Key Responsibilities
Responsibilities include but are not limited to:
- Enable digital transformation by ensuring secure-by-design principles are incorporated in the IT digital capabilities across the enterprise.
- Establish cybersecurity governance for IT technologies across all technology functions
- Lead security research proposals and proofs of concept for emerging technologies
- Consult as a subject matter expert on cybersecurity risk assessments for IT technologies
- Define cybersecurity architectures for IT solutions
- Serve as a subject matter expert in one or more cybersecurity domains, including, but not limited to, Network Security, Cloud Security, Endpoint Security, Application Security, Data Security, and Identity and Access Management.
Required Qualifications
- Proficiency in SAST/DAST/IAST/MAST tools and techniques.
- Strong understanding of OWASP Top 10, Secure SDLC, and secure coding practices.
- Perform threat modeling and attack surface analysis during design and development phases.
- Secure SDLC: Deep understanding and application of secure software development lifecycle practices.
- Secure Coding: Adherence to language-specific secure coding standards, participation in code reviews, and development of reusable security components.
- Threat Modeling: Interpretation and feedback on threat models and attack surface analysis.
Preferred Qualifications
- Knowledge of industry-accepted cyber security frameworks such as NIST 800-53, MITRE ATT&CK, and the Cyber Kill Chain.
- Experience in conducting and/or leading cybersecurity assessments (risk, vulnerability) and creating a detailed mitigation plan and recommendations to address gaps identified
- Ability to influence and motivate teams, and work with a variety of disciplines, cultures, and environments.
- Demonstrated ability to work effectively, and communicate effectively at all levels with operations, design, projects, vendors, peers, etc.
- Communicates in a clear, concise, understandable manner both orally and in writing.
