Lead it cybersecurity engineer

About the position :

The Lead IT Cybersecurity Engineer is responsible for the technical design of IT cybersecurity architectural guidelines and standards, as well as the secure implementation of IT digital technologies across platforms and product lines in Chevron. The primary responsibility is to assure IT solutions are "secure by design", with a high focus on delivering secure digital capabilities and retiring legacy technology when possible.

Key responsibilities :

Responsibilities include but are not limited to :

Enable digital transformation by ensuring secure-by-design principles are incorporated in the IT digital capabilities across the enterprise.

Establish cybersecurity governance for IT technologies across all technology functions

Lead security research proposals and proofs of concept for emerging technologies

Consult as a subject matter expert on cybersecurity risk assessments for IT technologies

Define cybersecurity architectures for IT solutions

Serve as a subject matter expert in one or more cybersecurity domains, including, but not limited to, Network Security, Cloud Security, Endpoint Security, Application Security, Data Security, and Identity and Access Management.

Required Qualifications :

Minimum 10 years related work experience in cybersecurity with increasing levels of responsibility.

Technical experience in one or more cybersecurity domains, including, but are not limited to, Network Security, Cloud Security, Endpoint Security, Application Security, Data Security, and Identity and Access Management.

General understanding of the cyber threat landscape, including cyber-criminal and cyber-espionage threats.

Previous experience administering cybersecurity technologies and / or supporting cybersecurity operations.

Proficiency in SAST / DAST / IAST / MAST tools and techniques.

Strong understanding of OWASP Top 10 , Secure SDLC , and secure coding practices.

Perform threat modeling and attack surface analysis during design and development phases.

Secure SDLC : Deep understanding and application of secure software development lifecycle practices.

Secure Coding : Adherence to language-specific secure coding standards, participation in code reviews, and development of reusable security components.

Threat Modeling : Interpretation and feedback on threat models and attack surface analysis

Preferred Qualifications :

Bachelor’s degree or master’s degree in Cybersecurity, Information Technology, Information Systems, or Computer Science

Certifications in IT Cybersecurity are highly preferred (e.g., GISP, GREM, ISSEP, OSCP or other similar certification)

Certifications in SAFe Scaled Agile or related scrum / agile project management framework is desirable.

Knowledge of industry-accepted cyber security frameworks such as NIST 800-53, MITRE ATT&CK, and the Cyber Kill Chain.

Experience in conducting and / or leading cybersecurity assessments (risk, vulnerability) and creating a detailed mitigation plan and recommendations to address gaps identified

Ability to influence and motivate teams, and work with a variety of disciplines, cultures, and environments.

Demonstrated ability to work effectively, and communicate effectively at all levels with operations, design, projects, vendors, peers, etc.

Communicates in a clear, concise, understandable manner both orally and in writing.

Chevron ENGINE supports global operations, supporting business requirements across the world. Accordingly, the work hours for employees will be aligned to support business requirements. The standard work week will be Monday to Friday. Working hours are 8 : 00am to 5 : 00pm or 1.30pm to 10.30pm.