Full Job Description

An exciting career awaits you
At MPC, we’re committed to being a great place to work – one that welcomes new ideas, encourages diverse perspectives, develops our people, and fosters a collaborative team environment.
Role Overview:
The Vulnerability/Penetration Tester is a highly critical role tasked with providing assurance for the security posture of the enterprise through discovering, assessing, reporting, and tracking the remediation of security vulnerabilities. This role performs assessments within Information and Operational Technology (IT/OT) environments, identifying where systems/networks deviate from acceptable security configurations. The role is given structured opportunities to expose system vulnerabilities through active evaluations (penetration tests and/or vulnerability assessments) using specialty tools and techniques that simulate adversarial techniques. People in this role are also known as vulnerability assessors, vulnerability analysts or penetration testers.
Key Responsibilities and Requirements:
  • Develop test procedures and/or document recommendations for test plan modifications that improve validation of cybersecurity controls. Test procedures may cover a wide range of systems such as but not limited to IP network discovery, password length requirements, password complexity requirements and vulnerability exploitation.
  • Understanding of APT TTPs and how to replicate their attack methodology.
  • Write penetration testing rules of engagement, test plans, standard operating procedures, and reports.
  • Thoroughly document exploit chain/proof of concept scenarios.
  • Research and remain up to date with new threats and adversary emulation methodologies.
  • Ability to test web applications for common web application security vulnerabilities including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
  • Hands-on experience with commercial and open-source cyber security tools such as proxies, port scanners, vulnerability scanners, and exploit frameworks (e.g., BurpSuite Pro, Nmap, Metasploit, Cobalt Strike).
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
  • Knowledge and understanding of the MITRE ATT&CK Framework.
  • Experience developing detailed penetration testing reports that can speak to multiple audience types.
  • Penetration testing experience with web applications, operating systems, network protocols, wireless, mobile, databases and middleware.
  • Must be willing to travel as needed (10%)
The successful Vulnerability/Penetration Tester:
  • Verifies if vulnerabilities are actual threats or false positives.
  • Creates plans to remediate and track vulnerabilities with system owners.
  • Stays abreast of the latest security threats and vulnerabilities.
  • Maintains a positive, customer-centric attitude.
  • Has strong problem solving and organization skills.
  • Builds and maintains excellent relationships with internal customers.
  • Is a self-starter and can regularly produce results with minimal supervision.
  • Has strong presentation and communication skills
  • Bachelor’s degree in technical field (Computer Science, Computer Engineering, Information Systems, Information Systems Security) or equivalent background and experience
  • Experience in security engineering, system and network security, authentication, and security protocols, applied cryptography, and application security
  • Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
  • Understanding of security fundamentals and common vulnerabilities such as the OWASP Top Ten and CIS Critical Security Controls.
  • 8+ years in a cybersecurity vulnerability/penetration tester position.
  • Knowledge of OWASP, MITRE ATT&CK, and SANS Critical Controls
  • Ability to understand information security risks associated with vulnerability testing, patch management, and secure configuration management.
  • Experience with common commercial and open-source penetration tools such as Kali Linux, BurpSuite Pro, Metasploit, password cracking tools.
  • The following certifications are strongly preferred:
    • Offensive Security Certified Professional (OSCP)
    • Certified Penetration Tester (GPEN)
    • Web Application Penetration Tester (GWAPT)
    • Certified Information Systems Security Professional (CISSP)
As an energy industry leader, our career opportunities fuel personal and professional growth.

Findlay OH Main Bldg

Additional locations:

Denver CO, Houston TX, San Antonio TX

Job Requisition ID:


Location Address:

539 S Main St

Employee Group:

Full time

Employee Subgroup:


Marathon Petroleum Company LP is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without discrimination on the basis of race, color, religion, creed, sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, age, mental or physical disability, medical condition or AIDS/HIV status, ancestry, national origin, genetic information, military, veteran status, marital status, citizenship or any other status protected by applicable federal, state, or local laws. If you would like more information about your EEO rights as an applicant, click here.

If you need a reasonable accommodation for any part of the application process at Marathon Petroleum LP, please contact our Human Resources Department at


. Please specify the reasonable accommodation you are requesting, along with the job posting number in which you may be interested. A Human Resources representative will review your request and contact you to discuss a reasonable accommodation. To view benefit information for Marathon Petroleum Corporation please visit


Equal Opportunity Employer: Veteran / Disability
