Chevron is one of the world's leading energy companies, with approximately 60,000 employees working in over 100 countries around the world. We explore, produce and transport crude oil and natural gas; refine, market and distribute fuels and other energy products; manufacture and sell petrochemical products; generate power; and develop future energy resources, including biofuels and geothermal energy.
Chevron is seeking a dynamic team leader for the Risk Monitoring team within the Risk Monitoring and Analytics organization. The Lead is expected to meet the competencies of the highest-level analyst and is responsible for the overall mission of conducting robust risk monitoring of Chevron's vast computer network infrastructure. The lead will possess current technical skills and have experience leading or supporting a 24x7 Security Operations Center (SOC) in the areas of network security monitoring and detection operations. The candidate will be an excellent communicator and will interact with others from executive levels down throughout the company in structured and unstructured situations. The lead oversees all production matters, helps build monitoring strategies, and makes sure appropriate processes are followed to triage relevant security events. The lead is the technical expert on intrusion detection and works closely with CIRT and the Technical Intelligence Team to ensure events are processed correctly and efficiently. The lead is responsible for accuracy, timeliness, and validity of all risk monitoring products ranging from Advisories to Monthly Activity Reports. They will possess excellent managerial skills and will mentor and train other team members. The lead will set priorities, goals, and deadlines, and make determinations on how to plan and accomplish the team's work.
Chevron is accepting online applications for the position of Lead, Cyber Risk Monitoring located in Houston, TX through May 15, 2013 at 11:59 p.m. (Eastern Standard Time).
Responsibilities for this position may include but are not limited to:
Supervises and leads the overall real-time Risk Monitoring efforts for Chevron including the development of strategies, programs, and processes to deliver a world-class monitoring capability.
Responsible for operational management of the team and the processes and workflow of IPS/IDS/SIEM security event monitoring and analysis of cyber threat activity for the identification of advanced persistent threats and malware in near real-time.
Recognizes potential, successful, and unsuccessful intrusion attempts and compromises, and performs thorough reviews and analyses of relevant event detail and summary information.
Supervises, mentors, and trains analysts and team members and completes performance reviews for all direct reports.
Ability to conduct packet analysis and to modify and add custom monitoring policies and signatures within Intrusion Prevention Systems and Security Information and Event Management systems to account for lack of monitoring in areas as warranted by threat changes, such as zero-day threats.
Determines appropriate response action(s) required to mitigate risk and assist in providing threat and damage assessment for security threats which may impact Chevron networks.
Ensures all pertinent information is obtained to allow for the identification, categorization, and triage actions to occur in a time sensitive environment.
Track and maintain knowledge and understanding of adversarial tactics, techniques, and procedures.
Conduct data tracking and analysis tasks in order to identify computer probes/exploits/attacks as they occur, including technical aspects of intrusion detection and providing substantial input to cyber threat countermeasures.
Oversees the creation of detailed risk monitoring reporting that communicates effectively to every level of Chevron including monthly trends of incidents and detailed security events.
Optimize SIEM effectiveness by working with analysts and developers within Security Operations to ensure signature quality and fine tuning.
Collaborates with technical and threat intelligence analysts to provide indications and warnings and contribute to predictive analysis of malicious activity.
Coordinate activities across the integrated team ensuring that products merge threat and technical intelligence findings.
Develops collaborative information and knowledge sharing networks and builds alliances with colleagues and counterparts within and/or across the organization.
Ability to recommend and propose new technical analysis solutions within the intrusion detection domain.
Provides input to assist with implementation of counter-measures or mitigating controls.
Creates and maintains appropriate documentation as needed including SOPs to be used by team members.
Ensure team coverage 24/7; this may also include weekend work.
Ensures requests for information are answered in a thorough and expedient manner.
Responsible for responding to “Requests for Information”.
Hires, trains, and mentors team members.
Minimum of 8-12 years related Cyber Security experience in a large global organization. At least 7 years of direct experience in risk monitoring and incident response.
Bachelor's Degree in Cyber Security, Computer Science, Engineering, or related studies. An additional 4 years of direct work experience in risk monitoring or incident response can be substituted for degree.
Vast experience with security technologies including IDS/IPS/SIEM integration methodologies and best/common practices, firewalls & log analysis, network behavior analysis tools, data loss prevention, antivirus, network packet analyzers, and malware and forensic analysis tools.
Advanced knowledge of networking technologies and protocols, including Ethernet, TCP and IP routing, security architecture, and mobile technology.
Demonstrates problem solving and critical thinking capabilities in complex environments as lead of an intrusion detection team.
Previous experience working in a Cyber Security SOC/NOC/Operations Center, preferably in a leadership role.
Experience with Intrusion Prevention/Detection System signature development and management.
Experience with network monitoring tools (e.g., TCPDump, Wireshark) and experience in traffic analysis and packet inspection.
Ability to document and explain technical details clearly and concisely.
Must possess outstanding written and oral communication skills.
Ability to write analytical information products and clearly articulate findings.
Comfortable communicating with senior management ranging from C-level executives to technical engineers and analysts.
Candidates must be comfortable in a high-tempo operational environment.
Previous experience participating in working groups with the oil and gas sector and/or with the United States Government.
Ability to successfully lead and manage multiple tasks concurrently on a regular basis.
Ability to work varying hours and operate in an "on call" status if required.
Must be a self-starter, eager to take the initiative.
12 years related experience in Risk Monitoring, Incident Response, and/or Cyber Security in a large global organization.
Previous experience as a lead for a Cyber Security Operations Center or Risk Monitoring program.
Master’s Degree in Cyber Security, Computer Science, Engineering, or related studies.
Previous experience building cyber risk/threat monitoring capability.
Hands-on experience with a variety of different IDS/IPS and SIEMs.
Previous experience managing and working with Managed Security Services Providers.
Possession of one or more industry standard certifications such as CISSP, CISM, GIAC Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), and GIAC Reverse Engineering Malware (GREM).
Relocation may be considered within Chevron parameters.
Expatriate assignments will not be considered.
Chevron regrets that it is unable to sponsor employment Visas or consider individuals on time-limited Visa status for this position.