Job Description
This position will be part of Occidental Petroleum's Industrial Control Systems (ICS) Security Team responsible for the implementation and maintenance of systems protecting and improving the security posture for Oxy ICS environment. The position will work closely with internal and external resources to contribute the development, implementation, and compliance of security policies and procedures for the ICS environment. The responsibilities include assessment of network topologies and environments to ensure the ICS/OT environment remains compliant and work with other teams to track/remediate deficiencies.
Required Skills & Experience
Bachelor's degree in information technology, Computer Science, Computer Engineering, or related field
3 or more years of experience in the IT/OT security field with hands-on experience and knowledge of ICS / SCADA System Security (design, controls)
Knowledge of the Oil and Gas industry and ICS environments Excellent project management, organizational, time management, and interpersonal skills.
Ability to work with sensitive and confidential information while maintaining the highest level of confidentiality, professionalism, and ethics.
Moderate level understanding of IT-OT convergence, Purdue Model, IDMZ concepts, network technologies, systems, and concepts.
General understanding of Cyber security frameworks and standards such as NIST CSF, CIS, and MITRE ATT&CK
General knowledge of industrial communication protocols and technologies from main vendors.
Knowledge and experience of anomaly detection tools in the ICS/OT environment with the emphasis on correlation of data and remediation of any misconfigurations.
Knowledge of OT asset & vulnerability management. Work with OT asset owners to remediate asset or vulnerability issues.
Familiarity with OT monitoring technologies with some traffic analysis experience: Wireshark PCAPs, Intrusion Detection Systems (IDS).
Experience with responding to security related incidents, incident response, conducting tabletop exercises.
Experience with analyzing system, application, security, network logging data from a SIEM to create actionable work tasks for a SOC, IT security analysts, or other IT staff.
Ability to effectively communicate technical information to a non-technical audience.
Nice to Have Skills & Experience
Experience in supporting or troubleshooting industrial protocols such as OPC, Modbus TCP, HART etc. is a plus.
IT certifications are desirable such as GISCP, CISSP, CEH, Cisco CCENT/CCNA
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.