ConocoPhillips Security Architect in HOUSTON, Texas
Title: Security Architect
Location: NORTH AMERICA-USA-TEXAS-HOUSTON
Job Number: 00UP6
Who We Are
We are one of the world’s largest independent exploration and production companies, based on proved reserves and production of liquids and natural gas. With operations and activities in 15 countries, we explore for, develop, and produce crude oil and natural gas globally. We are challenged with an important job to safely find and deliver energy to the world. Our employees are critical to our success, and with them we power civilization.
We’re grounded by our SPIRIT Values – safety, people, integrity, responsibility, innovation, and teamwork. These values position us to deliver strong performance in a dynamic business – but not at all costs. We believe it’s not just what we do – it’s how we do it – that sets us apart.
We strive to make a significant difference in the communities where we live and operate. We create an inclusive environment that values all voices and opinions. Together, the different backgrounds, experiences, ideas, and perspectives of our employees drive our success.
The Security Architect will be a key member of the IT Security Team, playing an integral role in defining and assessing the organization's security strategy, architecture, and practices. As the security architect you will be helping to define the security aspects of the newly defined ConocoPhillips Digital Strategy.
This position can be based in Washington DC, Houston, Texas, Bartlesville, Oklahoma, or any U.S. ConocoPhillips location.
Your responsibilities may include:
Planning and Design Activities
Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers
Develops security strategy plans and roadmaps based on sound enterprise architecture practices
Develops and maintains security architecture artifacts (e.g., models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations
Drafts security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the Manager, IT Security
Develop security threat models and provide security assessment of hardware and firmware security solutions
Tracks developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
Validates IT infrastructure and other reference architectures for security standard methodologies and recommend changes to enhance security and reduce risks, where applicable
Coordinates with DevOps teams to advocate secure coding practices, and to raise concerns related to poor coding practices to the Manager of IT Security
Reviews network segmentation to ensure the least privilege for network access
Supports the testing and validation of internal security controls, as directed by the Manager, IT Security, or the internal audit team
Reviews security technologies, tools, and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics
Liaises with other security architects and security practitioners to share standard methodologies and insights
Liaises with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls
Work across teams to define requirements, evaluate architectures, analyze tradeoffs, and recommend solutions
Drive alignment between teams to ensure they are marching towards a common robust infrastructure
Technical and Business Experience
Provides operational guidance to the Manager of IT Security and develops detailed work plans for the completion of tasks
An ability to communicate sophisticated and technical issues to diverse audiences, verbally, and in writing, in an easily-understood, authoritative, and practical manner
An understanding of cybersecurity fundamentals and general security technologies
Excellent presentation skills, especially with senior executive audiences
Must be legally authorized to work in the United States as a U.S. citizen or national, or an alien admitted as a permanent resident, refugee or asylee
Must have received or be willing to receive the COVID-19 vaccination, by date of hire to be considered. Proof of vaccination, or ConocoPhillips approved accommodation, required
1 years of experience in hardware and software design
1 years of experience using the methodologies to conduct threat-modeling exercises on new applications and services
1 years of hands-on experience using vulnerability management tools
Advanced working knowledge of managing security infrastructure in at least two of the following areas: firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, Security Information Event Management (SIEM) and log management technology
Advanced knowledge of threat modeling of services and applications that tie to the risk and data associated with the service or application
Bachelor's degree or higher in Business Admin/Mgmt, Computer Science, Engineering, Information Technology, Management Information Systems, other related business field, other related technical field, or foreign equivalent
5 years of experience designing the deployment of applications and infrastructure into public cloud services
5 years of experience with Full-stack IT infrastructure
Advanced problem resolution and influencing skills
Ability to drive architecture into product groups and suppliers
Takes ownership of actions and follows through on commitments by holding others accountable and standing up for what's right
Delivers positive results through realistic planning to accomplish goals
Builds effective solutions based on available information and makes timely decisions that are safe and ethical
To be considered for this position you must complete the entire application process, which includes answering all prescreening questions and providing your eSignature on or before the requisition closing date of February 14, 2022 .
Candidates for this U.S. position must be a U.S. citizen or national, or an alien admitted as permanent resident, refugee or asylee. Individuals with temporary visas such as A, B, C, D, E, F, G, H, I, J, L, M, NATO, O, P, Q, R or TN or who need sponsorship for work authorization in the United States now or in the future, are not eligible for hire.
ConocoPhillips is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, veteran status, gender identity, or expression, genetic information, or any other legally protected status.
Job Function: Information Management-Information Technology
Job Level: Individual Contributor/Staff Level
Line of Business: IT SECURITY
Title: Security Architect