Skills: Business Analyst, IT - Analysis & Management
Experience: 5 + Years
Education: Bachelors/3-5 yr Degree
Location: Houston, Texas, United States
No location/work authorization restrictions found.
Chevron is one of the world's leading energy companies, with approximately 60,000 employees working in countries around the world. We explore, produce and transport crude oil and natural gas; refine, market and distribute fuels and other energy products; manufacture and sell petrochemical products; generate power; and develop future energy resources, including biofuels and geothermal energy.
Chevron is accepting online applications for the position of Business Vulnerability Assessor, located in Houston, Texas or San Ramon, California.
Requisition ID# 338519
The Senior Penetration Tester position in the Business Vulnerability Assessment (BVA) Team is responsible for safely planning and executing penetration tests utilizing a comprehensive approach to identify vulnerabilities on the enterprise business company intranet. Successful candidates will be expected to partner with business and IT contacts across the enterprise throughout all phases of an assessment to understand systems in scope (including architecture diagrams, data flows diagrams and asset inventories), to define high value objectives and to manage the approach, tools and techniques used to support the mission.
The Senior Penetration Tester is focused specifically on the application of security assessment of tactics, techniques and procedures, identifying security rigor, attack vectors, and effective remediation steps within Chevron computing and network resources across the various lines of business.
Responsibilities for this position may include but are not limited to:
- Performs various aspects of vulnerability assessments / penetration tests across a wide variety of platforms and technologies.
- This role will also include the execution of targeted testing activities to identify weaknesses and methods in which to exploit them.
- Help evolve the knowledge of adversarial TTPs and apply that knowledge when evaluating and testing corporate resources. Adherence to the highest standards of safety, ethics, and professional conduct are critical requirements of this position.
- Support project initiatives to assess vulnerabilities in Chevron’s IT assets (via penetration tests, social engineering, testing policies and procedures, etc.).
- Gain exposure to real world cybersecurity related threats and how they can impact Chevron’s business.
- Apply existing IT technical expertise to address cybersecurity related issues and challenges
- Interact with business and IT partners across the entire business environment.
- Bachelor’s degree in Cybersecurity, Computer Science, Computer Engineering or related field.
- Strong Information Technology and Cyber Security background.
- Minimum five years of conducting penetration testing on live corporate and production environments.
- Have a broad understanding of various information technology areas used to support and manage the business (i.e. web, networking, database, cloud, telephony, mobile, applications, etc.) and an in-depth experience in at least one area of relevant technology.
- The candidate should be analytical and creative with the ability to drive threat identification to closure.
- A strong core understanding of security tests and experience, possess strong skills in both computer and networking hardware and software.
- Excellent technical expertise (in both breadth and depth), written communication skills, time management skills, and the ability to communicate effectively with numerous lines of business representatives.
- Must be willing to work flexible hours, to include nights and weekends; they must also be able to travel, as required.
- Experience conducting full-scope vulnerability assessments and penetration tests, including social engineering, server and client-side attacks, protocol subversion, physical access restrictions, and web/database application exploitation
- Oil and Gas industry experience.
- Experience with open source and commercial penetration testing security tools in an enterprise environment.
- Proficiency with Windows, Unix/Linux, and mobile platform operating systems.
- Ability to utilize and gather Intelligence for indicators, information gathering, Operations Security, and Open Source Intelligence.
- Knowledge of exploits, threat actors, and attack methods.
- Effective analytical and critical thinking skills - proven problem solving and remediation.
- Demonstrated strong practices in security engineering, network protocols, computer security, and network security.
- Effective reporting, communication, and presentation skills.
- Teamwork and Collaboration Experience:
- Able to build and maintain relationships throughout the enterprise and to effectively engage subject matter experts as needed to ultimately draw upon the best experience base possible.
- Must be a solid team player willing to share new technology knowledge with the team, the greater cybersecurity organization and Chevron's IT community.
- Organizational and Customer Focus:
- Able to engage and interview stakeholders requesting vulnerability management services to capture key information needed to effectively understand, clearly articulate and document the scope of a vulnerability assessment engagement.
- Excellent verbal and written communication and presentation skills, management of priorities and deliverables, and heavy interaction with numerous lines of business representatives will be required.
- Risk Management:
- Comprehension of NIST technical controls and standards, and able to understand and communicate how the standards and controls relate to risk management strategies.
- Able to identify and prioritize discovered vulnerabilities in enterprise business systems, addressing both business risks and technical risks and able to translate those risks into business language so that they can be understood by the stakeholder community and addressed by an appropriate vulnerability remediation and risk mitigation plan.
- Cybersecurity preferred certifications: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP).
- Previous experience as a system administrator, application developer, programmer and familiarity with MS Windows or UNIX/Linux operating systems.
Relocation may be considered.
Expatriate assignments will not be considered.
Chevron regrets that it is unable to sponsor employment Visas or consider individuals on time-limited Visa status for this positon.Regulatory Disclosure for US Positions:Chevron is an Equal Opportunity / Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status, or other status protected by law or regulation. Chevron participates in E-Verify in certain locations as required by law.
Nearest Major Market: Houston
Chevron is one of the world’s leading integrated energy companies. Our success is driven by our people and their commitment to get results the right way – by operating responsibly, executing with excellence, applying innovative technologies and capturing new opportunities for profitable growth. Some of our specialties include generating power and produce geothermal energy; investing in profitable renewable energy and energy efficiency solutions; and developing the energy resources of the future, including researching advanced biofuels.
Our diverse and highly skilled workforce consists of approximately 64,700 employees, including more than 3,200 service station employees. At Chevron, we’re focused on safely delivering the energy needed to power human and economic progress worldwide. But how do we do that when harnessing fossil fuels can be inherently risky? To meet these challenges, Chevron has spent more than 20 years expanding systems that support a culture of safety and environmental stewardship that strives to achieve unequaled performance and prevent all serious incidents and fatalities. We call this Operational Excellence, and it drives everything we do.
Diversity & Inclusion
We’re committed to reflecting in our workforce the rich diversity of cultures and racial and ethnic backgrounds in the communities where we live and work. We’re also devoted to encouraging a diversity of ideas.
Diversity is one of the cornerstones of our values, which we call The Chevron Way. The Chevron Way states:
“We learn from and respect the cultures in which we work. We value and demonstrate respect for the uniqueness of individuals and the varied perspectives and talents they provide. We have an inclusive work environment and actively embrace a diversity of people, ideas, talents and experiences.”
As a core value, diversity is critical to developing a talented, high-performing workforce needed for ongoing business success. The Chevron Way’s focus on people has helped establish a culture that attracts, develops and retains more diverse talent.
We Support Career & Personal Development
We value the importance of managing work/life priorities by offering flexible work schedules, on-site child care at some facilities, adoption assistance, dual-career couple support, scholarships and tuition reimbursement.
At Chevron, you’ll find a workplace committed to your professional development. You’ll receive support and tools to create your own career path, including education assistance support which pays up to 75% of the cost (including tuition, textbooks, lab fees, and registration and administration fees) for approved courses. To strengthen organizational capability, we develop our employees’ and contractors’ skills and experience through our Invest in People strategy. As part of this strategy, discussions focused on continually improving individual performance are held between managers and employees.
Chevron is ranked in the Global Top 10 in Rigzone's Ideal Employer Rankings - find out more here.