Chevron is one of the world's leading energy companies, with approximately 60,000 employees working in countries around the world. We explore, produce and transport crude oil and natural gas; refine, market and distribute fuels and other energy products; manufacture and sell petrochemical products; generate power; and develop future energy resources, including biofuels and geothermal energy.
Chevron is accepting online applications for the position of Business Vulnerability Assessor, located in Houston, Texas or San Ramon, California, through (insert posting close date) at 11:59 p.m. (Eastern Standard Time).
Requisition ID# 338519
The Senior Penetration Tester position in the Business Vulnerability Assessment (BVA) Team is responsible for safely planning and executing penetration tests utilizing a comprehensive approach to identify vulnerabilities on the enterprise business company intranet. Successful candidates will be expected to partner with business and IT contacts across the enterprise throughout all phases of an assessment to understand systems in scope (including architecture diagrams, data flows diagrams and asset inventories), to define high value objectives and to manage the approach, tools and techniques used to support the mission.
The Senior Penetration Tester is focused specifically on the application of security assessment of tactics, techniques and procedures, identifying security rigor, attack vectors, and effective remediation steps within Chevron computing and network resources across the various lines of business.
Responsibilities for this position may include but are not limited to:
- Performs various aspects of vulnerability assessments / penetration tests across a wide variety of platforms and technologies.
- This role will also include the execution of targeted testing activities to identify weaknesses and methods in which to exploit them.
- Help evolve the knowledge of adversarial TTPs and apply that knowledge when evaluating and testing corporate resources. Adherence to the highest standards of safety, ethics, and professional conduct are critical requirements of this position.
- Support project initiatives to assess vulnerabilities in Chevron’s IT assets (via penetration tests, social engineering, testing policies and procedures, etc.).
- Gain exposure to real world cybersecurity related threats and how they can impact Chevron’s business.
- Apply existing IT technical expertise to address cybersecurity related issues and challenges
- Interact with business and IT partners across the entire business environment.
- Bachelor’s degree in Cybersecurity, Computer Science, Computer Engineering or related field.
- Strong Information Technology and Cyber Security background.
- Minimum five years of conducting penetration testing on live corporate and production environments.
- Have a broad understanding of various information technology areas used to support and manage the business (i.e. web, networking, database, cloud, telephony, mobile, applications, etc.) and an in-depth experience in at least one area of relevant technology.
- The candidate should be analytical and creative with the ability to drive threat identification to closure.
- A strong core understanding of security tests and experience, possess strong skills in both computer and networking hardware and software.
- Excellent technical expertise (in both breadth and depth), written communication skills, time management skills, and the ability to communicate effectively with numerous lines of business representatives.
- Must be willing to work flexible hours, to include nights and weekends; they must also be able to travel, as required.
- Experience conducting full-scope vulnerability assessments and penetration tests, including social engineering, server and client-side attacks, protocol subversion, physical access restrictions, and web/database application exploitation
- Oil and Gas industry experience.
- Experience with open source and commercial penetration testing security tools in an enterprise environment.
- Proficiency with Windows, Unix/Linux, and mobile platform operating systems.
- Ability to utilize and gather Intelligence for indicators, information gathering, Operations Security, and Open Source Intelligence.
- Knowledge of exploits, threat actors, and attack methods.
- Effective analytical and critical thinking skills - proven problem solving and remediation.
- Demonstrated strong practices in security engineering, network protocols, computer security, and network security.
- Effective reporting, communication, and presentation skills.
- Teamwork and Collaboration Experience:
- Able to build and maintain relationships throughout the enterprise and to effectively engage subject matter experts as needed to ultimately draw upon the best experience base possible.
- Must be a solid team player willing to share new technology knowledge with the team, the greater cybersecurity organization and Chevron's IT community.
- Organizational and Customer Focus:
- Able to engage and interview stakeholders requesting vulnerability management services to capture key information needed to effectively understand, clearly articulate and document the scope of a vulnerability assessment engagement.
- Excellent verbal and written communication and presentation skills, management of priorities and deliverables, and heavy interaction with numerous lines of business representatives will be required.
- Risk Management:
- Comprehension of NIST technical controls and standards, and able to understand and communicate how the standards and controls relate to risk management strategies.
- Able to identify and prioritize discovered vulnerabilities in enterprise business systems, addressing both business risks and technical risks and able to translate those risks into business language so that they can be understood by the stakeholder community and addressed by an appropriate vulnerability remediation and risk mitigation plan.
- Cybersecurity preferred certifications: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP).
- Previous experience as a system administrator, application developer, programmer and familiarity with MS Windows or UNIX/Linux operating systems.
Relocation may be considered.
Expatriate assignments will not be considered.
Chevron regrets that it is unable to sponsor employment Visas or consider individuals on time-limited Visa status for this positon.
Regulatory Disclosure for US Positions:
Chevron is an Equal Opportunity / Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status, or other status protected by law or regulation.
Chevron participates in E-Verify in certain locations as required by law.