Clearly understands business requirements and is able to identify risk and risk mitigations.
Resolves routine multi-functional technical issues and supports resolution of complex issues.
Recognizes established Cybersecurity assessments, standards and applies them in practice to security systems.
Contributes to the efficiency and effectiveness of security solutions, processes and controls in place by building, testing, and maintaining security automation and orchestration workflows to accelerate detection and response across environments.
Identifies and provides recommendations towards process improvement and/or solution remediation and assists in developing steps within Standard Operating Procedures. Identifies business impacting events and performs initial investigation.
Monitors networks, systems, and applications for signs of potential cybersecurity incidents. Investigates and analyzes the nature and scope of cyber incidents by developing, implementing, and continuously refining cyber threat detection logic across the corporate SIEM/SOAR platform.
Analyzes security protocols, administers and maintains security audits and reports of cyber systems access and activity; participates in disaster recovery planning per corporate guidelines.
Delivers and implements global security initiatives, policies, and compliance requirements. Identifies cybersecurity metrics and applicability for various teams.
Takes action through collaboration to improve metric results.
Executes cyber security-related consulting, guidance, and support to customers and stakeholders by documenting detection content, orchestration logic, tuning efforts, and automation workflows for internal knowledge sharing and auditability.
Follows emerging Information Technology/Operations Technology and cybersecurity technology trends as well as their impact on the security landscape.
Education and Experience
Bachelor's Degree in Information Technology, related field or equivalent experience.
Professional certification, e.g. Security+, Network+, OSCP, GIAC, CEH preferred.
Two (2) or more years of relevant experience required.
Hands-on experience with SIEM platforms (e.g., Splunk, Google SecOps, QRadar), detection rule creation, and alert tuning required.
Experience with scripting (e.g., Python, PowerShell) and security automation/orchestration tools (e.g., SOAR platforms like Google SecOps, Cortex XSOAR, Splunk SOAR, or Swimlane) required.
Familiarity with ICS/OT networks and industrial protocols such as Modbus, DNP3, and OPC preferred.
Knowledge of threat frameworks including MITRE ATT&CK and Cyber Kill Chain preferred.
Requirements
Authentic Communicator - Expresses ideas and information, both verbally and in writing, clearly and credibly. Listens to understand and fosters constructive dialogue.
General Programming - Applies a computer language to communicate with computers using a set of instructions and to automate the execution of tasks.
Intrusion
Benefits
Remote work options
Additional Information
An exciting career awaits you
At MPC, we're committed to being a great place to work - one that welcomes new ideas, encourages diverse perspectives, develops our people, and fosters a collaborative team environment.
Position Summary
The Senior Cybersecurity Engineer, Cyber Threat Detection plays a critical role in safeguarding Marathon Petroleum Corporation's digital and operational assets across enterprise IT and industrial control systems (ICS/OT). This position is responsible for engineering and optimizing threat detection logic to identify, analyze, and respond to emerging cyber threats targeting both business and field operations, including refineries, pipelines, terminals, and remote industrial facilities.
Working as part of the Cyber Threat Operations team within the Cyber Fusion Center, the engineer will translate complex threat intelligence into high-fidelity detection capabilities, develop automated response workflows, and contribute to the ongoing enhancement of incident response playbooks. The role requires close coordination with internal teams including threat hunting, incident response, threat intelligence, and infrastructure to ensure alignment between detection strategy, risk posture, and operational resiliency.
The ideal candidate is technically proficient, collaborative, and mission-driven, with a strong understanding of IT/OT security principles and a passion for protecting critical infrastructure within the energy sector.