Cybersecurity Engineer

Cybersecurity Engineer page is loaded## Cybersecurity Engineerlocations: San Antonio, Texastime type: Full timeposted on: Posted Todaytime left to apply: End Date: December 7, 2025 (15 days left to apply)job requisition id: 00019489# **An exciting career awaits you**At MPC, we’re committed to being a great place to work – one that welcomes new ideas, encourages diverse perspectives, develops our people, and fosters a collaborative team environment.# Position SummaryWe are seeking a skilled and motivated Cybersecurity Engineer to join our Cyber Operations team, supporting both IT and OT environments at Marathon Petroleum. This mid-career role will primarily focus on supporting our Zero Trust security strategy, while also contributing to the operation and enhancement of standard cybersecurity tools.The ideal candidate will have hands-on experience deploying and managing Zero Trust frameworks, with an understanding of secure access, identity management, and data protection across hybrid environments. Some familiarity with common cybersecurity technologies—including endpoint protection, application allowlisting, email protection, and firewalls—will round out the skill set needed to succeed in this role.You will collaborate with cross-functional teams to secure enterprise assets, support digital transformation initiatives, and ensure compliance with industry standards and regulatory requirements, helping to protect critical infrastructure and maintain operational resilience.# Key Responsibilities* Clearly understands business requirements and is able to identify risk and risk mitigations.* Resolves routine multi-functional technical issues and supports resolution of complex issues.* Recognizes established Cybersecurity assessments, standards and applies them in practice to security systems.* Contributes to the efficiency and effectiveness of Security solutions, processes and controls in place.* Identifies and provides recommendations towards process improvement and/or solution remediation and assists in developing steps within Standard Operating Procedures. Identifies business impacting events and performs initial investigation.* Monitors networks, systems, and applications for signs of potential cybersecurity incidents. Investigates and analyzes the nature and scope of cyber incidents.* Analyzes security protocols, administers and maintains security audits and reports of cyber systems access and activity; participates in disaster recovery planning per corporate guidelines.* Delivers and implements global security initiatives, policies, and compliance requirements. Identifies cybersecurity metrics and applicability for various teams.* Takes action through collaboration to improve metric results.* Executes cyber security-related consulting, guidance, and support to customers and stakeholders.* Follows emerging Information Technology/Operations Technology and cybersecurity technology trends as well as their impact on the security landscape.# Education and Experience* Bachelor’s Degree in Information Technology, related field or equivalent experience.* Professional certification, e.g. Security+, Network+, OSCP, GIAC, CEH preferred.* 2+ years of relevant experience required.* Experience with administration of zero trust platforms required.* Experience in implementing process improvement and automation is required.* Experience supporting large corporate projects while working with architecture and engineering teams, as well as vendors and contractors is required.* Experience with administration of standard security tooling including, AV, allowlisting, email protection, firewalls, logging and monitoring preferred.* Experience supporting Operational Technology environments with a good understanding of the Purdue model preferred.* Experience working within the SAFE Agile framework is preferred.# Skills* **Authentic Communicator** - Expresses ideas and information, both verbally and in writing, clearly and credibly. Listens to understand and fosters constructive dialogue.* **Cybersecurity Risk Management** - The process of developing cyber risk assessment and treatment techniques that can effectively pre-empt and identify significant security loopholes and weaknesses, demonstrating the business risks associated with these loopholes and providing risk treatment and prioritization strategies to effectively address the cyber-related risks, threats and vulnerabilities, ensuring appropriate levels of protection, confidentiality, integrity and privacy in alignment with the security framework.* **General Programming** - Applies a computer language to communicate with computers using a set of instructions and to automate the execution of tasks.* **Intrusion Detection*** **Penetration Testing** - The practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually.* **Security Controls** - Manages and maintains an information system that focuses on the management of risk and the management of information systems security.* **Security Governance** - The process of developing and disseminating corporate security policies, frameworks and guidelines to ensure that day-to-day business operations are guarded and well protected against risks, threats and vulnerabilities.* **Security Information & Event Management (SIEM)** - A set of tools and services offering real-time visibility across an organization's information security systems, and event log management that consolidates data from numerous sources.* **Security Policy Management** - The process of identifying, implementing, and managing the rules and procedures that all individuals must follow when accessing and using an organization's IT assets and resources.* **Threat Analysis** - Monitor intelligence-gathering and anticipate potential threats to an IT/OT systems proactively. This involves the pre-emptive analysis of potential perpetrators, anomalous activities and evidence-based knowledge and inferences on perpetrators' motivations and tactics.* **Threat Hunting** - Searches through networks, endpoints, and datasets to detect and isolate cyber threats that evade existing security solutions.* **Vulnerability Management** - The process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization with the necessary knowledge, awareness and risk background to understand the threats to its business.As an energy industry leader, our career opportunities fuel personal and professional growth.Location:San Antonio, TexasAdditional locations:Job Requisition ID:00019489Location Address:19100 Ridgewood PkwyEducation:Employee Group:Full timeEmployee Subgroup:RegularMarathon Petroleum Company LP is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without discrimination on the basis of race, color, religion, creed, sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, reproductive health decision-making, age, mental or physical disability, medical condition or AIDS/HIV status, ancestry, national origin, genetic information, military, veteran status, marital status, citizenship or any other status protected by applicable federal, state, or local laws. If you would like more information about your EEO rights as an applicant, . If you need a reasonable accommodation for any part of the application process at Marathon Petroleum LP, please contact our Human Resources Department at talentacquisition@marathonpetroleum.com. Please specify the reasonable accommodation you are requesting, along with the job posting number in which you may be interested.
#J-18808-Ljbffr