Senior Cybersecurity Engineer, OT Cybersecurity jobs in United States
cer-icon
Apply on Employer Site
company-logo

Marathon Petroleum Corporation · 21 hours ago

Senior Cybersecurity Engineer, OT Cybersecurity

positionGreater Houston
timeFull-time
remoteOnsite
senioritySenior Level
date5+ years exp

Marathon Petroleum Corporation is committed to being a great place to work, and they are seeking a Senior Cybersecurity Engineer for OT Cybersecurity. This role is critical in safeguarding the company's digital and operational assets, focusing on threat and vulnerability management to address cyber threats across various industrial control systems.

EnergyNatural ResourcesOil and Gas
check
H1B Sponsor Likelynote

Responsibilities

Conducts detailed analyses on changes to cybersecurity solutions and its relationship to internal and external systems to assess business impact and cybersecurity risk. Resolves complex multi-functional technical issues
Leverages cybersecurity assessments, standards and ensures compliance across security systems
Improves the efficiency and effectiveness of Security solutions, processes and controls in place
Analyzes existing processes and procedures and leads efforts for implementing improvements or remediation
Responsible for development and submission of Standard Operating Procedures
Analyzes business impacting events, performs initial investigation. Monitors networks, systems, and applications for signs of potential cybersecurity incidents
Investigates and analyzes the nature and scope of cyber incidents. Assists in the development of innovative and creative ideas to formulate risk mitigation and remediation plans and approaches to ensure regulatory compliance
Leads implementation of global security initiatives, policies, and compliance requirements. Collects and validates all security metrics and any remediation efforts associated with them
Manages cyber security-related consulting, guidance, and support to customers and stakeholders
Translates security principles to assist configuration teams with incorporating security into build and configuration processes
Monitors emerging IT/OT and cybersecurity technologies as well as their impact on the security landscape

Qualification

Dragos PlatformCybersecurity Risk ManagementVulnerability ManagementThreat HuntingPenetration TestingSecurity Information & Event Management (SIEM)Security GovernanceSecurity Policy ManagementIntrusion DetectionRelationship ManagementSecurity ControlsThreat AnalysisGeneral Programming

Required

Bachelor's Degree in Information Technology, related field or equivalent experience
5+ years of relevant experience required
Dragos Platform Certified User Certification required
Dragos ICS/OT Cybersecurity Training Certification required
Authentic Communicator - Expresses ideas and information, both verbally and in writing, clearly and credibly. Listens to understand and fosters constructive dialogue
Cybersecurity Risk Management - The process of developing cyber risk assessment and treatment techniques that can effectively pre-empt and identify significant security loopholes and weaknesses, demonstrating the business risks associated with these loopholes and providing risk treatment and prioritization strategies to effectively address the cyber-related risks, threats and vulnerabilities, ensuring appropriate levels of protection, confidentiality, integrity and privacy in alignment with the security framework
General Programming - Applies a computer language to communicate with computers using a set of instructions and to automate the execution of tasks
Intrusion Detection - The use of security analytics, including the outputs from intelligence analysis, predictive research and root cause analysis in order to search for and detect potential breaches or identify recognized indicators and warnings. Also, monitoring and collating external vulnerability reports for organizational relevance, ensuring that relevant vulnerabilities are rectified through formal change processes
Penetration Testing - The practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually
Relationship Management - Relationship Management is the conscious aim to develop and manage long-term and/or trusting relationships with internal or external customers, distributors, suppliers, or other parties in an environment which can include marketing, selling, servicing and other areas where a relationship is crucial to on-going success. At a senior level, it includes C-level relationships with senior management
Security Controls - Manages and maintains an information system that focuses on the management of risk and the management of information systems security
Security Governance - The process of developing and disseminating corporate security policies, frameworks and guidelines to ensure that day-to-day business operations are guarded and well protected against risks, threats and vulnerabilities
Security Information & Event Management (SIEM) - A set of tools and services offering real-time visibility across an organization's information security systems, and event log management that consolidates data from numerous sources
Security Policy Management - The process of identifying, implementing, and managing the rules and procedures that all individuals must follow when accessing and using an organization's IT assets and resources
Threat Analysis - Monitor intelligence-gathering and anticipate potential threats to an IT/OT systems proactively. This involves the pre-emptive analysis of potential perpetrators, anomalous activities and evidence-based knowledge and inferences on perpetrators' motivations and tactics
Threat Hunting - Searches through networks, endpoints, and datasets to detect and isolate cyber threats that evade existing security solutions
Vulnerability Management - The process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization with the necessary knowledge, awareness and risk background to understand the threats to its business

Preferred

Professional certification, e.g. Security+, Network+, OSCP, GIAC, CEH preferred
ICS/OT Cybersecurity certifications such as GCISP and GRID preferred

Benefits

Access to health, vision, and dental insurance
Paid time off
401k matching program
Paid parental leave
Educational reimbursement
Discretionary company-sponsored annual bonus program

Company

Marathon Petroleum Corporation

twittertwittertwitter
Glassdoor3.7
company-logo
Marathon Petroleum Corporation (MPC) is a leading, integrated, downstream and midstream energy company headquartered in Findlay, Ohio.
dateFounded in 2005
location
Findlay, Ohio, USA
people-size10001+ employees
web-link
http://www.marathonpetroleum.com

H1B Sponsorship

Marathon Petroleum Corporation has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (29)
2024 (6)
2022 (21)
2021 (5)
2020 (4)

Funding

Current Stage
Public Company
Total Funding
$2B
2025-02-06Post Ipo Debt· $2B
2011-07-01IPO

Leadership Team

leader-logo
Maryann Mannen
Chairman
linkedin

Recent News

The European Financial Review
US Oil Stocks Rise on Venezuela Access Hopes After Trump Remarks
2026-01-08
New Orleans CityBusiness
US says it needs to control Venezuelan oil sales indefinitely to drive change
2026-01-08
PR Newswire
Marathon Petroleum Corp. to Report Fourth-Quarter and Full-Year Financial Results on February 3, 2026
2026-01-06
Company data provided by crunchbase