About this role
Total Number of Openings
15The Vulnerability Management Analyst will drive change within vulnerability management. Lead in defining processes and tool recommendations needed to identify vulnerabilities, tests Chevron’s digital security defenses, analyzes malicious code, and leverages all authorized resources and analytic techniques to secure Chevron's environment. Support the Information Risk Strategy Management (IRSM) Vulnerability Management (VM) program reporting to the Vulnerability Management Team Lead.Responsibilities include, but are not limited to, the following:
Manage the vulnerability remediation process to ensure weaknesses identified through vulnerability scanning and assessments / penetration tests along with any emergency concerns are assigned to owners and tracked to resolution.
Responsible for analyzing information/data collected from vulnerability assessments and scans; and in conjunction with the IRSM risk managers, helps recommend mitigations in the form of policies, standards, and controls as they apply to the major risk domains. This person will also support project initiatives to assess vulnerability of Chevron’s IT assets.
Support project initiatives to assess vulnerabilities in Chevron’s IT assets and perform validation testing of remediated vulnerabilities from business vulnerability assessments, as needed.
Foundational knowledge in cybersecurity and apply that knowledge toward remediation initiatives.
Foundational skills in cybersecurity toolsets including infrastructure and application scanning, phishing campaigns, cloud access security broker, and other cross functional security tools.
Engage technical resources and leaders across the enterprise to share results and gain commitment.
Technical
Demonstrated ability in vulnerability management or related field such as penetration testing, SOC, or threat intelligence.
Understanding of attacker mindset, exploitation, and how vulnerabilities are leveraged.
Knowledge of Cybersecurity principles and various information security technologies (i.e., IDS/IPS, HIPS, DLP, firewalls, network engineering, database, etc.).
In-depth experience with cybersecurity concepts, vulnerability scanning tools, and other security techniques such as active/passive reconnaissance, vulnerability identification, exploitation, phishing, social engineering, and command and control techniques.
Broad understanding in one of the following information technology areas used to support and manage the business (i.e., web, networking, database, cloud, telephony, mobile, applications, etc.).
Domain Knowledge
Must understand IT systems (Operating Systems, databases, and applications).
Experience in one of the following areas: a system administrator, application developer, programmer familiarity with MS Windows or UNIX/Linux operating systems.
Strong desire to learn new tools and technologies highly motivated to apply that knowledge toward understanding and communicating the sources of vulnerabilities.
Communication
Candidates should demonstrate strong verbal, written and presentation skills, as well as an ability to communicate technical information to different audiences (management, non-technical, IT Professionals, PCN Professionals). Able to engage and interview stakeholders requesting vulnerability management services to capture key information needed to effectively understand, clearly articulate, and document remediation plans.
Chevron participates in E-Verify in certain locations as required by law.
Other facts
About Chevron
Chevron Holdings Inc. (CHI) is a pioneer and leading multi-function Shared Services Center in the Philippines located in Makati City. With a workforce of more than 1,000, CHI delivers business services and solutions in areas such as finance, human resources, procurement, marketing support and information technology.
There are two Chevron companies operating in the Philippines: Chevron Holdings Incorporated (CHI) and Chevron Philippines Incorporated (CPI).
CHI is a shared services center providing transactional, processing, and consulting services in the areas of finance and accounting, information technology, supply chain management, human resources, downstream customer service and marketing. Established in 1998, CHI serves Chevron affiliates in six continents around the world. Over the years, it has grown to be one of the leading members of the shared services industry in the Philippines.
CHI has received various recognitions as a top employer: the 2022 Diversity Company of the Year, 2021 Asia’s Best Employer Brand Award; 2021 Global Best Employer Brand Award; 2020 HR Asia Best Companies to Work for in Asia; 2019 Circle of Excellence, Top Employer Category at Asia CEO Awards and the 2018 Wellness Company of the Year at the same Asia CEO Awards.
CPI markets the Caltex brand of top-quality fuels, lubricants and petroleum products through a network of service stations, terminals and sales offices.
At Chevron, we are committed to fostering diversity and inclusion at all levels of our company and at all stages of the employee experience. We constantly strive to attract, develop and retain diverse Filipino talent. Globally, Chevron Corporation has achieved a rating of 100 percent in the Human Rights Campaign Equality Index for the past 17 years. The Index ranks American companies based on their commitment to equality in the workplace.
What you'll do
- The Vulnerability Management Analyst will manage the vulnerability remediation process and analyze data from vulnerability assessments. They will also support project initiatives to assess vulnerabilities in Chevron’s IT assets.
Ready to join Chevron?
Take the next step in your career journey