Job Description

POSITION SUMMARY:

The Cybersecurity Engineer is a highly critical role tasked with providing assurance for the security posture of the enterprise through discovering, assessing, reporting, and tracking the remediation of security vulnerabilities.  The engineer will perform research on current vulnerabilities and will be responsible for authoring security advisories. This position will work directly with system and business owners to remediate and track system vulnerabilities while maintaining a positive, customer-centric attitude.

*This position is a part of a job family with multiple levels. The successful candidate will be placed at a level commensurate with experience and qualifications.

KEY RESPONSIBILITIES:

Conduct ongoing vulnerability scanning of networks and systems.
Identify new vulnerabilities and threats through proactive research.
Prioritize vulnerabilities based on an understanding of the threat landscape and the asset risk profile.
Improve and automate upon existing vulnerability management processes.
Normalize vulnerability data by developing metrics and trending data.
Work with business stakeholders to ensure remediation efforts adhere to corporate standards and policies.
Perform reoccurring and on demand scanning activities of both corporate and cloud environments utilizing enterprise scanning platforms.
Perform analysis and validation of vulnerability scan results.
Communicate to clients through reporting and results review meetings.
Provide system owners with remediation recommendations and guidance, up to and including remediation tracking and reporting.
Performs weekly, monthly, and quarterly vulnerability scans.
Verifies if vulnerabilities are actual threats or false positives.
Creates plans to remediate and track vulnerabilities with system owners.

Stays abreast of the latest security threat and vulnerabilities.

EDUCATION AND EXPERIENCE:

Bachelor’s degree in technical field (Computer Science, Information Systems, Information Systems Security) or equivalent background and experience
5+ years of experience in a technical, professional role for an enterprise, with a minimum of 2 years in a cybersecurity vulnerability management position.
Knowledge of OWASP, MITRE ATT&CK, and SANS Critical Controls
Ability to understand information security risks associated with vulnerability testing, patch management, and secure configuration management.
Ability to analyze and prioritize vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE).
Experience with common commercial vulnerability scanning tools.
Experience with data metrics & normalization with the ability to provide qualitative & quantitative analysis and recommendations

Professional certification such as CISSP and/or SANS GSEC

SKILLS:

Strong problem solving and organization skills
Building Partnerships: Developing and leveraging relationships within and across workgroups to achieve results
Self-starter with demonstrated ability to produce excellent results with minimal supervision.
Strong presentation and communication skills

About Marathon Petroleum Corporation

Marathon Petroleum Corporation (MPC) is a leading, integrated, downstream energy company headquartered in Findlay, Ohio. The company operates the nation's largest refining system. MPC's marketing system includes branded locations across the United States, including Marathon brand retail outlets. MPC also owns the general partner and majority limited partner interest in MPLX LP, a midstream company that owns and operates gathering, processing, and fractionation assets, as well as crude oil and light product transportation and logistics infrastructure.