Senior IT Cybersecurity Engineer

Overview

The Senior IT Cybersecurity Engineer is responsible for the technical design of IT cybersecurity architectural guidelines and standards, as well as the secure implementation of IT digital technologies across platforms and product lines in Chevron. The primary responsibility is to assure IT solutions are "secure by design", with a high focus on delivering secure AI applications and digital capabilities.

Key Responsibilities

Responsibilities include but are not limited to:

• Enable digital transformation by ensuring secure-by-design principles are incorporated in the IT digital capabilities across the enterprise.
• Serve as a subject matter expert in AI security domain of Cybersecurity.
• Prepare AI security research proposals and proofs of concept for emerging technologies
• Define cybersecurity architectures for AI applications and solutions
• Create SOPs and Checklists for AI assessments.
  
  

• Minimum 9 years related work experience in cybersecurity with increasing levels of responsibility.
• 2 years of experience in AI security with end-to-end assessment of AI applications along with security of related components.
• Specialized AI and machine learning knowledge, emphasizing secure development, threat detection for AI systems, and compliance with emerging AI regulations.
• A strong understanding of machine learning algorithms, LLM Models, neural networks, deep learning, and frameworks/libraries
• Familiarity with deploying and securing AI systems on major cloud platforms ( Azure, Google Cloud).
• Technical experience in one or more cybersecurity domains i.e. Cloud Security, Application Security, Data Security, and Identity and Access Management.
• General understanding of the cyber threat landscape
  
  

• OWASP Top 10 for LLMs : Strong understanding of the OWASP Top 10 for LLMs and mitigation strategies. Enforce secure LLM practices across development teams through training, code reviews, and automated checks.
• Ensure that AI systems comply with relevant global AI laws, data privacy regulations (like GDPR), and industry standards (such as the NIST AI Risk Management Framework).
• Work with data science, engineering, and legal teams to integrate security best practices into the AI development lifecycle and address legal and ethical concerns (e.g., bias, transparency).
• Secure SDLC Integration: Deep experience embedding security into every phase of the Software Development Lifecycle (SDLC)—from requirements gathering to deployment—ensuring compliance with organizational and regulatory standards.
• Threat Modeling & Attack Surface Analysis: Conduct threat modeling sessions during design phases using frameworks like STRIDE and DFDs. Perform attack surface analysis to identify potential entry points and recommend design-level mitigations.
  
  

• Bachelor’s degree or master’s degree in Cybersecurity, Information Technology, Information Systems, or Computer Science
• Certifications in IT Cybersecurity are highly preferred (e.g., GISP, GREM, ISSEP, OSCP or other similar certification)