Skills: IT - Analysis & Management, IT - Networking & Telecom, IT - Sys Admin & Support
Experience: 5 + Years
Education: Bachelors/3-5 yr Degree
Employment Type: Full Time Salaried Employee
Location: Houston, Texas, United States
No location/work authorization restrictions found.
Chevron is one of the world's leading energy companies, with approximately 48,000 employees working in countries around the world. We explore, produce and transport crude oil and natural gas; refine, market and distribute fuels and other energy products; manufacture and sell petrochemical products; generate power; and develop future energy resources.
Chevron is accepting online applications for the position of ITC - IRSM-RMO-VM-Penetration Tester located in Houston, TX/San Ramon, CA through August 30, 2019 at 11:59 p.m. (Eastern Standard Time).
The Penetration Tester role on the Vulnerability Management team within Chevron ITC is responsible for safely planning and executing a variety of vulnerability assessments in both Business and Process Control environments. This position will allow individuals to grow cybersecurity skills and gain a depth of knowledge in information security, vulnerability management and penetration testing. Penetration Testers will engage with Business Units across the Chevron enterprise and, as needed, will travel to global operating locations for select assessments. Penetration testers will have the opportunity to work with the latest cybersecurity tools and hardware while given the flexibility to develop new capabilities and solutions to combat the evolving cyber threats.
Responsibilities for this position may include but are not limited to:
- Have a strong background in system administration, network engineering, and information security.
- Familiarity with penetration testing tools and techniques such as active/passive reconnaissance, vulnerability identification, exploitation, phishing, etc.
- Have general understanding of PCN/ICS environment, including SCADA, DCS, PLCs, HMIs, and other related OT technology, ICS communication protocols, as well as the IT Environment (system administration, firewalls, networking, network segmentation) required to support the PCN/ICS systems. Working experience in a PCN environment is preferred.
- Be able to review and assess architecture diagrams, data flows diagrams, asset inventories, and firewall configuration for misconfigurations, security discrepancies, as well as potential attack paths into an environment
- Effectively plan, coordinate, and lead assessments while working with other Vulnerability Management team members to meet milestones, deliverables and timelines.
- Understanding of computer programming and scripting languages such as Perl, Python, C, etc.
- Articulate complex technical assessment details, such as tool usage, exploitation techniques, and the impact assessment mythologies have on a system or network to the local business unit personnel.
- Perform administration of the assessment lab to include restore of virtual systems, IP compliance, user access, and be able to troubleshoot a variety of virtual products such as VMware, Acronis, etc.
- Build effective relationships and interface with a variety of IT, management, PCN and operations resources
- Possess strong interpersonal and communication skills and demonstrate the ability to navigate and overcome various obstacles/challenges when dealing with other business units and technology owners.
- Bachelor's or Associate's degree in Information Technology (IT), Computer Science, Engineering or equivalent experience.
- Prior pentesting experience.
- Travel is a required element of this position and is anticipated to average 20% to 30% per year
- This role can be located in either Houston, TX or San Ramon, CA.
- 5+ years of pentesting experience
- Strong Cybersecurity background with knowledge/experience of various information security technologies (i.e. IDS/IPS, HIPS, DLP, firewalls, network engineering, database, etc). Has an understanding of network traffic analysis, to include knowledge of the TCP/IP stack, the OSI model, wireless and industrial protocols, protocol analyzers such as Wireshark, traffic capture techniques using tools such as tcpdump,or arp poisoning, and hardware capture using network taps, hubs and port spanning/mirroring. Has broad understanding of common penetration testing tools and techniques such as active/passive reconnaissance, vulnerability identification, exploitation, phishing, social engineering and C2 staging & deployment. Prior experience with pentesting frameworks such as Canvas, Metasploit, Cobalt Strike, Empire, or Burp Suite, and vulnerability scanning tools such as Retina or Nessus, and network enumerations tools such as nmap is preferred. Has the ability to leverage computer programming and scripting languages such as Perl, python, C, etc. to facilitate exploitation and other assessment objectives
- Must have a thorough understanding of IT systems (Firewalls, Networking, Network Segmentation) and a general understanding of the PCN/ICS environment. Experience as a system administrator, application developer, programmer and familiarity with MS Windows or UNIX/Linux operating systems is desired. Have general understanding of the PCN/ICS environment, including SCADA, DCS, PLCs, HMIs, and other related OT technology, ICS communication protocols, and Purdue model architecture. Working experience in a PCN environment is preferred. Understands virtualization to include various hypervisor technologies, virtual networking, disaster recovery (various backup, reconstitution, and VM provisioning such as Acronis), virtual server management and access control.
- Candidates should demonstrate strong verbal, written and presentation skills, as well as an ability to communicate technical information to different audiences (management, non-technical, IT Professionals, PCN Professionals). Able to engage and interview stakeholders requesting vulnerability management services to capture key information needed to effectively understand, clearly articulate and document the scope of a vulnerability assessment engagement as well as findings and remediation plans.
- Able to build and maintain relationships throughout the enterprise to effectively engage subject matter experts as needed that ultimately draw upon the best experience base possible in order to deliver a high quality, trusted and complete vulnerability assessment product. Each person on the pentesting team must be a solid team player willing to share new technology knowledge with the team and the greater Chevron IT and PCN community.
Relocation may be considered within Chevron parameters.
Expatriate assignments will not be considered.
Chevron regrets that it is unable to sponsor employment Visas or consider individuals on time-limited Visa status for this position.
Regulatory Disclosure for US Positions:
Chevron is an Equal Opportunity / Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status, or other status protected by law or regulation.
Chevron participates in E-Verify in certain locations as required by law.
Nearest Major Market: Houston
Chevron is one of the world’s leading integrated energy companies. Our success is driven by our people and their commitment to get results the right way – by operating responsibly, executing with excellence, applying innovative technologies and capturing new opportunities for profitable growth. Some of our specialties include generating power and produce geothermal energy; investing in profitable renewable energy and energy efficiency solutions; and developing the energy resources of the future, including researching advanced biofuels.
Our diverse and highly skilled workforce consists of approximately 64,700 employees, including more than 3,200 service station employees. At Chevron, we’re focused on safely delivering the energy needed to power human and economic progress worldwide. But how do we do that when harnessing fossil fuels can be inherently risky? To meet these challenges, Chevron has spent more than 20 years expanding systems that support a culture of safety and environmental stewardship that strives to achieve unequaled performance and prevent all serious incidents and fatalities. We call this Operational Excellence, and it drives everything we do.
Diversity & Inclusion
We’re committed to reflecting in our workforce the rich diversity of cultures and racial and ethnic backgrounds in the communities where we live and work. We’re also devoted to encouraging a diversity of ideas.
Diversity is one of the cornerstones of our values, which we call The Chevron Way. The Chevron Way states:
“We learn from and respect the cultures in which we work. We value and demonstrate respect for the uniqueness of individuals and the varied perspectives and talents they provide. We have an inclusive work environment and actively embrace a diversity of people, ideas, talents and experiences.”
As a core value, diversity is critical to developing a talented, high-performing workforce needed for ongoing business success. The Chevron Way’s focus on people has helped establish a culture that attracts, develops and retains more diverse talent.
We Support Career & Personal Development
We value the importance of managing work/life priorities by offering flexible work schedules, on-site child care at some facilities, adoption assistance, dual-career couple support, scholarships and tuition reimbursement.
At Chevron, you’ll find a workplace committed to your professional development. You’ll receive support and tools to create your own career path, including education assistance support which pays up to 75% of the cost (including tuition, textbooks, lab fees, and registration and administration fees) for approved courses. To strengthen organizational capability, we develop our employees’ and contractors’ skills and experience through our Invest in People strategy. As part of this strategy, discussions focused on continually improving individual performance are held between managers and employees.