Murphy Oil Corporation

IT Security Specialist - Security Operations Center (SOC)

Murphy Oil Corporation$90K — $130K *
Energy & Utilities
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cyber Security, Computer Science, or related field
  • 15+ years of experience in cybersecurity with 2 years in a Security Operations Center (SOC)
  • Hands-on expertise in investigating security incidents and analyzing attack artifacts
  • Experience documenting Incident Response plans and playbooks following industry best practices
  • Familiarity with NIST CSF, NIST 800-53, ISO 27001, and relevant security standards

Responsibilities

  • Contribute to the cybersecurity vision and execution plan
  • Lead the enterprise incident response process and automate IR to reduce response times
  • Respond to security-related incidents and manage triage to facilitate rapid remediation
  • Oversee daily SOC operations and handle incident prioritization
  • Manage On-Call support for timely incident response after hours
  • Collaborate with service desk to expedite security patch deployment and formalize vulnerability management
  • Stay updated on cybersecurity developments and disseminate knowledge across IT

Benefits

  • Hybrid work schedule with two remote workdays per week
  • Leadership opportunities within a growing cybersecurity team
  • Training and development in cutting-edge cybersecurity tools and practices
  • Work in a controlled environment with limited physical hazards
  • Potential for involvement in special projects related to emerging cybersecurity challenges
Full Job Description
Job Summary

Murphy Oil Corporation is looking for an IT Security Specialist to support our growing Global Cybersecurity team. The ideal candidate is an experienced and dynamic individual who will serve as the lead for our Security Operations Center (SOC) function. This critical role involves overseeing the detection and response to cyber incidents, managing daily SOC operations, maturing the SOC capability, leading and mentoring specialists, and supporting our expanding Global Cybersecurity team. Given Murphy's oil and gas operations, this role also carries awareness-level accountability for operational technology (OT) and industrial control system (ICS) cybersecurity risk, working in coordination with OT/OT Security teams. The right candidate is passionate about learning and exploring new areas, keeping up with breaking cyber security incidents/ events/ vulnerabilities/ best practices, designing solutions, and working with stakeholders in the business, internal IT, Operations, and 3rd party service providers, to securely enable the business.

The IT Security Specialist will work in our Houston Corporate office and may work two (2) days a week remote.

Responsibilities

  • Contribute to cybersecurity vision, roadmap, and execution plan
  • Lead and mature the enterprise incident response process including updating the plan, documenting playbooks, facilitating cyber drills, coordinating with Incident Response vendors, setting up alternate communication channels, implementing automation in IR process to reduce response time, etc.
  • Respond immediately to any security-related incidents (e.g., data breaches, viruses, phishing scams) and perform/lead cyber incident triage, including determining scope, urgency, potential impact, and materiality, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
  • Oversee the day-to-day operational support of the SOC, including leading the weekly SOC Incident review meetings, handling and prioritizing help desk tickets, incidents, and cases. This role maintains direct oversight of the cyber service desk queue and is accountable for queue hygiene, SLA reporting, and driving corrective action when SLA targets are missed.
  • Oversee On-Call support capability and provide On-Call support ensuring timely response in remediating critical incidents after hours and weekends. This role owns the on-call support function end-to-end: maintaining a current on-call schedule, ensuring all on-call personnel understand their roles and escalation paths, monitoring that after-hours and weekend incidents are acknowledged and responded to within defined SLAs, and conducting post-incident reviews when response timeliness falls short of expectations.
  • Collaborate with service desk and infrastructure teams to deploy critical security patches in a timely manner, formalize vulnerability management program and introduce automation.
  • Collaborate with the Head of IT Security to implement security architecture best practices within incident response and daily SOC activities
  • Support the Head of IT Security by providing leadership and guidance to the cybersecurity team in managing day-to-day operations and responding to incidents.
  • Establish scoring and grading metrics to measure effectiveness of the SOC
  • Establish relationships between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, public relations professionals)
  • Keep current with latest cyber security developments, threat intel, attack methods, emerging tools/technologies/strategies, and disseminate across IT
  • Lead special projects as assigned
  • Oversee SIEM use case development and alert tuning in partnership with the managed SOC/MDR provider; identify automation opportunities and work to eliminate false positive noise and detection gaps.
  • Lead proactive threat hunting activities, either directly or through coordination with the MDR partner, to identify threats that evade automated detection; document findings and translate results into new detection logic.
  • Develop, schedule, and facilitate cybersecurity tabletop exercises and simulations for SOC staff, IT leadership, legal, and relevant business stakeholders; track findings and drive remediation of identified process gaps.
  • Define, track, and report on SOC key performance indicators (KPIs) and security metrics dashboards for IT leadership and executive audiences, including mean time to detect (MTTD), mean time to respond (MTTR), and vulnerability remediation SLA compliance.
  • Oversee application security coordination responsibilities within the vulnerability management program: track findings from DAST/SAST scans and penetration tests, partner with development and IT teams to prioritize and remediate application-layer vulnerabilities.


Licenses/ Certifications

  • CISSP, GCIH or GCFA certification
  • Preferred for oil and gas sector: GICSP (Global Industrial Cyber Security Professional) or ICS/OT security certification (e.g., CSSA, ISA/IEC 62443 certificate)


Qualifications/Requirements

  • Bachelor's degree in cyber security, Computer Science, or a related Information Technology field
  • Minimum 15 years' experience in cyber security with 2 years' experience in working in a Security Operations Center (SOC)
  • Hands-on experience investigating (potential) security incidents including analyzing high volumes of logs, network data and other attack artifacts
  • Hands-on experience documenting Incident Response plans, playbooks and SOPs in line with security best practice standards such as NIST, SANS, etc.
  • Knowledge of incident categories, incident responses, and timelines for responses
  • Knowledge of security best practice standards such as NIST CSF, NIST 800-53, ISO 27001, etc.
  • Familiarity with a standardized incident response framework (SANS/NIST)
  • Knowledge of different classes of attacks (e.g., passive, active, insider, distribution attacks)
  • Knowledge of cyberattack vectors and stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, etc.)
  • Knowledge of penetration testing principles, tools, and techniques
  • Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection)
  • Knowledge of Cyber Kill Chain methodology, and/or MITRE ATT&CK framework
  • Able to manage multiple projects and initiatives concurrently
  • Ability to work independently and with others
  • Highly organized with strong time-management skills
  • Basic awareness of operational technology (OT) / industrial control system (ICS) security concepts, including the difference between IT and OT threat models and the applicability of standards such as NIST 800-82 or ISA/IEC 62443


The individual is required to follow all applicable safety precautions. Work is performed almost entirely in a controlled (i.e., inside) environment and does not typically subject the incumbent to any hazardous/extreme elements; some positions may require regularly moving or transporting items weighing up to 25 lbs. around the office for various needs. The successful candidate must be able to complete all essential physical requirements of the job with or without reasonable accommodation.

Desired/Preferred Qualifications

  • Minimum 2 years' experience working in a managed SOC environment
  • Experience leading a SOC (with both onshore and offshore resources)
  • Hands-on cyber incident response experience including prior experience responding to large scale incidents such as a Ransomware attack, supply chain attack, or data breach
  • Experience with industry leading SIEM platforms such as Google Chronicle SIEM, Azure Sentinel
  • Strong experience with Microsoft 365 Defender suite (Defender for Identity, O365, Endpoints, Cloud App Security, Conditional Access), Azure Defender suite (Defender for Cloud, Servers, App Service, Storage, SQL, Kubernetes, Resource Manager, IoT, Key Vault), Microsoft Purview Compliance Manager, and Intune
  • Experience deploying Security Orchestration, Automation and Response (SOAR) Solutions
  • Experience in writing scripts (e.g., PowerShell, PERL, Python, KQL, VBS) to perform tasks like parsing large data files, automating manual tasks, and fetching/processing data
  • Experience working within Oil/Gas industry
  • Knowledge of network security implementations (e.g., host-based IDS, IPS, access control lists), including their function and placement in a network
  • Knowledge of system administration, network, and operating system hardening techniques
  • Experience with proactive threat hunting methodologies and tools (e.g., hypothesis-driven hunting using MITRE ATT&CK, behavioral analytics, or TIP platforms); ability to translate threat intelligence into actionable hunting campaigns
  • Hands-on experience with detection engineering: writing and tuning SIEM detection rules, developing SOAR playbooks, and reducing alert fatigue through use case optimization
  • Experience with OT/ICS cybersecurity environments in oil and gas, energy, or critical infrastructure; familiarity with Purdue Model, OT network segmentation, or SCADA security concepts is a plus
  • Experience defining and reporting on SOC performance metrics (MTTD, MTTR, SLA adherence, false positive rate) to IT leadership and executive stakeholders


#LI-Hybrid

About Murphy Oil Corporation

Murphy Oil Corporation is an oil and gas exploration and production company. It was founded in 1950 and is headquartered in El Dorado, Arkansas. The company operates in the United States, Canada, and other international locations. Murphy Oil Corporation is focused on developing its oil and gas reserves, as well as exploring for new reserves. The company's operations include offshore drilling, onshore drilling, and production of oil and gas. Murphy Oil Corporation is committed to sustainable development and environmental stewardship in all of its operations.
Learn more about Murphy Oil Corporation
Size
696 employees
Market Cap
$6.5 billion
Industry
Net Income
-$1.1 billion
Founded
1950
5 Year Trend
+4.7%
Revenue
$1.9 billion
NASDAQ

Similar Jobs

More Jobs at Murphy Oil Corporation

More Energy & Utilities Jobs

Find similar IT Security Specialist - Security Operations Center (SOC) jobs: