Chevron is one of the world's leading energy companies, with approximately 60,000 employees working in countries around the world. We explore, produce and transport crude oil and natural gas; refine, market and distribute fuels and other energy products; manufacture and sell petrochemical products; generate power; and develop future energy resources, including biofuels and geothermal energy.
Chevron is accepting online applications for the position of Risk Monitoring Analyst located in Houston, TX through October 3, 2013 at 11:59 p.m. (Eastern Standard Time).
Chevron is seeking a dynamic team player for the Risk Monitoring team within the Cyber Threat Analysis and Monitoring organization. This individual is responsible for conducting robust security monitoring of Chevron’s vast computer network infrastructure. The analyst will possess current technical skills and have experience supporting a 24x7 Security Operations Center (SOC) in the areas of network security monitoring and detection operations. The candidate will be an excellent communicator and will interact with others from executive levels down throughout the company in structured and unstructured situations. This individual ensures appropriate processes are followed to triage relevant security events, and makes recommendations for process improvements in support of Lean Six Sigma / Lean IT initiatives. The analyst is a technical expert on intrusion detection and works closely with CIRT and the Technical Intelligence team to ensure events are processed and triaged correctly and efficiently.
Responsibilities for this position may include but are not limited to:
Responsible for operational processes and workflow of IPS/IDS/SIEM security event monitoring and analysis of cyber threat activity for the identification of advanced persistent threats and malware in near real-time.
Recognizes potential, successful, and unsuccessful intrusion attempts and compromises, and performs thorough reviews and analyses of relevant event detail and summary information.
Conducts packet analysis and modifies or adds custom monitoring policies and signatures within Intrusion Prevention Systems and Security Information and Event Management systems to close monitoring gaps as warranted by threat changes, such as zero-day threats.
Determines appropriate response action(s) required to mitigate risk and assist in providing threat and damage assessment for security threats which may impact Chevron networks.
Ensures all pertinent information is obtained to allow for the identification, categorization, and triage actions to occur in a time sensitive environment.
Track and maintain knowledge and understanding of adversarial tactics, techniques, and procedures.
Conduct data tracking and analysis tasks in order to identify computer probes/exploits/attacks as they occur, including technical aspects of intrusion detection and providing substantial input to cyber threat countermeasures.
Gathers data and contributes to the creation of detailed security monitoring reporting that communicates effectively to every level of Chevron including monthly trends of incidents and detailed security events.
Optimizes SIEM effectiveness by working with analysts and developers within Security Operations to ensure signature quality and fine tuning.
Collaborates with technical and threat intelligence analysts to provide indications and warnings, and contributes to predictive analysis of malicious activity.
Coordinates activities across the integrated team ensuring that products merge threat and technical intelligence findings.
Develops collaborative information and knowledge sharing networks and builds alliances with colleagues and counterparts within and/or across the organization.
Possesses the ability to recommend and propose new technical analysis solutions within the intrusion detection and SIEM domains.
Provides input to assist with implementation of counter-measures or mitigating controls.
Performs activities per established documentation as needed, including SOPs to be used by team members.
Works within the security monitoring team to ensure functional coverage on a 24/7 basis; this may also include weekend work.
Ensures requests for information are answered in a thorough and expedient manner.
Minimum of 4 years of security monitoring, incident response, and/or cyber security experience in a large organization.
Bachelor's degree in Cyber Security, Computer Science, Engineering, Information Security or related studies. An additional 3 years of direct work experience in security monitoring or incident response can be substituted for the degree.
Experience with security technologies, including IDS/IPS/SIEM integration methodologies and best/common practices, firewalls and log analysis, network behavior analysis tools, data loss prevention, antivirus, network packet analyzers, and malware and forensic analysis tools.
Knowledge of networking technologies and protocols, including Ethernet, TCP and IP routing, security architecture, and mobile technology.
Demonstrates problem solving and critical thinking capabilities in complex environments.
Previous experience working in a Cyber Security SOC/NOC/Operations Center.
Ability to document and explain technical details clearly and concisely.
Must possess outstanding written and oral communication skills.
Ability to write analytical information products and clearly articulate findings.
Comfortable communicating with senior management ranging from C-level executives to technical engineers and analysts.
Candidates must be comfortable in a high-tempo operational environment.
Ability to work varying hours and operate in an "on call" status if required.
Must be a self-starter, eager to take the initiative.
6-10 years of related experience in Security Monitoring, Incident Response, and/or Cyber Security in a large global organization.
Advanced degree in Cyber Security, Computer Science, Engineering, Cyber Security or related studies.
Previous experience participating in working groups with the oil and gas sector and/or with the United States Government.
Previous experience building cyber risk/threat monitoring capability.
Hands on experience with a variety of different IDS/IPS and SIEMs.
Previous experience managing and working with Managed Security Services Providers.
Possession of one or more industry-standard certifications such as CISSP, CISM, GIAC Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), and GIAC Reverse Engineering.
Relocation may be considered.
Expatriate assignments will be/will not be considered.
Chevron regrets that it is unable to sponsor employment Visas or consider individuals on time-limited Visa status for this position.