Lead Cyber Security Engineer

Total Number of Openings

1

About the position

The Chevron ENGINE – This role is responsible for network security operations, ensuring that network security devices are configured and maintained according to a least privileged access approach. The primary responsibility of the [Network Security Compliance Engineer] is to assure network infrastructure devices meet secure by design principles, leveraging secure network protocols and communications. The [Network Security Compliance Engineer] demonstrates behaviors that align with the Chevron Way and is an active champion of Operational Excellence. Additional responsibilities include but are not limited to: ensuring compliance with cybersecurity governance for network security technologies; responsible for ensuring that network security practices comply with industry standards (NIST Cybersecurity Framework) and regulatory requirements; implementing architectures for network security solutions; enabling digital transformation by ensuring alignment with secure-by-design principles of network security devices across the enterprise.

Key responsibilities:

• Design, implement, and maintain business and industrial communication solutions to solve and maintain compliance and cyber requirements and problems.
• Participate in the design, implementation and troubleshooting of our network infrastructure with a focus on cyber, compliance and secure by design.
• Work closely with PO's, Operations Mgr., Risk Managers, MSP's, Cybersecurity and Vendors resolve, remediate and maintain a strong compliance stance within the Network.
• Analyzes network security needs and designs solutions that meet business requirements for protection, standardization, efficiency, scalability, supportability, and cost-effectiveness. Contributes to lifecycle activities.
• Gather requirements and interact with multiple internal and external stakeholders to design and engineer our network infrastructure to support Network products.
• Create technical design documentation and implementation/test plans. Provide comprehensive tier-3 support for the operational teams, this includes working with and coordinating vendors and service providers.
• Interact with global peers within the network design, operation and across other support teams to support change implementations and solve challenging escalated problems. Implement and maintain processes, procedures and associated plans for network infrastructure including administration, usage, and disaster recovery Use ticketing and change management systems to track incidents and changes.
• Participate in BCP and DRP events and exercises as part of a team supporting the overall network and business environment.
• Develops and implements solutions and processes to maintain the reliability, effectiveness, and efficiency of network security infrastructure components across the enterprise and associated process control environments.
• Works with project managers, team members, architects, business units and other stakeholders to create agile solutions, identifying continuous improvement opportunities, creating new or improved processes and automation to support step changes in operational efficiencies.
• Analyzes network security needs and designs solutions that meet business requirements for protection, standardization, efficiency, scalability, supportability, and cost-effectiveness. Contributes to lifecycle activities.
• Follows standard change management processes and practices when introducing technical changes to the environment.
• Develops and shares best practices with other teams.

Required Qualifications:

• Requires a bachelor's or master's degree in computer science, Information Technology, or a related field.
• Minimum of 10 years of experience network engineering and wireless communications.
• English language (advanced)

• Demonstrated skilled to advanced knowledge and experience in critical skills:

• o Cloud and on prem networking e.g., routing, BDGP, UDR, VNM, SDWAN, XR; IP Transport Advanced services e.g. VRF

• o Palo Alto - Security services e.g. Prisma or Global Protect
• o Palo Alto - Firewalls and Panorama

• o Network Fundamentals and troubleshooting

• CCNP or CCIE certification.

• Managing IP Transport across various technologies, including Wireless Network, LTE 4/5G, Private LTE 4/5G, VPN, and VSAT/LEO.
• Basic proficiency in scripting and automation, particularly using Python.
• Awareness of system and network monitoring solutions to ensure optimal performance.
• Functional understanding of Azure Network services, including vWAN, vNet, UDR, and NSG to support cloud data communications.
• Understanding of IP Services and advanced Network Access services, including Aruba Wireless, Cisco Wireless, and Wired LAN.
• Advanced understanding of Network Access Control through solutions such as Cisco ISE and Aruba ClearPass.
• Security management utilizing Palo Alto Firewalls and Panorama.
• Basic understanding of RF technologies, including 2-way Radio Systems, PTP, MPTP, Cellular, and In-building systems.

Preferred Qualifications:

• Certifications in Industrial Control Systems Cybersecurity or in IT Cybersecurity are highly preferred (e.g., GISCP, GCIP, CISSP, or other similar certification)
• Vendor-specific training on Operational Technology, IACS equipment manufacturers and internal network systems are highly preferred.
• Certifications in SAFe Scaled Agile or related scrum/agile project management framework is desirable.

Other preferred skills / competencies

• Experience in utilizing frameworks and standards such as NIST-800-53/82 and IEC-62443 in an IACS environment
• Experience with Industrial Internet of Things (IIoT), optimization, "Big data" analytics, OT integration and/or SCADA from the Cloud is preferred.
• Experience in conducting and/or leading cybersecurity assessments (risk, vulnerability) and creating a detailed mitigation plan and recommendations to address gaps identified
• Demonstrated OT Cybersecurity project experience including leading the development of security architectures (programs) and secure network architectures (systems).
• Experience in performing OT/IACS vulnerability scans, passively and actively with technologies such as Tenable Nessus or NMAP scanning tools.
• Understanding of threats, vulnerabilities, attack paths and exploits in an OT/IACS environment
• Experience with selecting, designing, architecting, and deploying security technologies to an OT/IACS environment
• Ability to influence and motivate teams, and work with a variety of disciplines, cultures, and environments.
• Demonstrated ability to work effectively, and communicate effectively at all levels with operations, design, projects, vendors, peers, etc.
• Demonstrated ability to provide leadership behaviors across enterprise through rigorous change management and compliance processes, while driving efficiencies.
• Knowledge of techniques and tools that promote effective analysis and the ability to determine root cause and resolution of problems.
• Communicates in a clear, concise, understandable manner both orally and in writing.

Chevron ENGINE supports global operations, supporting business requirements across the world. Accordingly, the work hours for employees will be aligned to support business requirements. The standard work week will be Monday to Friday. Working hours are 8:00am to 5:00pm or 1.30pm to 10.30pm.

Chevron participates in E-Verify in certain locations as required by law.