Position Summary:
The Senior OT Cyber Engineer is responsible for the technical design of a highly complex set of OT Cybersecurity guardrails as well as the secure implementation of all OT digital technologies across Chevron. OT Cyber Engineers reach broadly across all platforms and all IT Foundational Platform product lines (business breadth, along with technical depth) to help make quality investment decisions to enable identification and mitigation of risk. They possess an awareness and understanding of other Cyber capabilities such as detection and response to threats, risk management, forensics, and insider risk operations, etc.
Key Responsibilities:
- Influence stakeholders at an enterprise level on OT Cyber initiatives.
- Design, build and deploy OT guardrails
- Take a technical leadership role in the OT Cybersecurity Community of Practice, for knowledge transfer and mentoring, and actively participate, contribute, and present to other OT/ICS Cybersecurity forums/conferences (both internal and external).
- Lead cybersecurity risk assessments for Chevron’s Business Unit ICS/PCN designs/installations and/or emerging technology OT solutions
- Provide recommendations and plans to mitigate identified issues from OT cybersecurity risk assessments, ICS Vulnerability assessments, and OT Pen tests
- Define and validate cybersecurity expectations for OT/ICS solutions with Chevron’s digital platforms and product lines, and contribute to decision authority on policies, internal standards, guardrails, initiatives for OT Cybersecurity
- Participate in the development of OT security research project proposals
- Research, test or lead a POC for new and emerging OT technologies
- Lead or participate in industry standard committees, customer advisory councils, and/or technology joint industry projects (JIPs) for OT/ICS environments
Required Education & Experience:
- Bachelor’s degree or master’s degree in Information Technology, Computer Science or related STEM field is preferred, but not required.
- Experience with selecting, designing, architecting, and deploying security technologies to an OT/ICS environment
- Certifications in Industrial Control Systems Cybersecurity or in IT Cybersecurity are highly preferred.
- Minimum 5 years related work experience in Operational Technology field/Industrial Controls Systems Cybersecurity field with increasing levels of responsibility.
- Certifications in SAFe Scaled Agile or related scrum/agile project management framework is desirable.
- Strong network infrastructure and network security experience, preferably in an ICS/PCN environment
- Demonstrated ability to provide leadership behaviors across enterprise through rigorous change management and compliance processes, while driving efficiencies.
- Ability to influence and motivate teams, and work with a variety of disciplines, cultures, and environments.
- Knowledge of techniques and tools that promote effective analysis and the ability to determine root cause and resolution of problems.
- Communicates in a clear, concise, understandable manner both orally and in writing.
- Demonstrated ability to work effectively, and communicate effectively at all levels with operations, design, projects, vendors, peers, etc.
- Experience and working knowledge of cybersecurity frameworks and standards such as NIST-800-53/82 and IEC-62443 in an ICS environment
- Experience in leading cybersecurity assessments (risk, vulnerability) and creating a detailed mitigation plan and recommendations to address gaps identified
- Vendor-specific training on Operational Technology equipment manufacturers and internal network systems are highly preferred.