Sr. Operations Technology (OT) Cybersecurity Specialist Job

ABOUT HESS CORPORATION

Hess is a leading international independent energy company engaged in the exploration and production of crude oil and natural gas.

We have an industry leading position in the Bakken in North Dakota – a key U.S. shale play. Hess is also one of the largest producers in the deepwater Gulf of Mexico and a key natural gas producer and supplier to Peninsular Malaysia and Thailand. The company is engaged in exploration and appraisal activities offshore Guyana, participating in one of the industry’s largest oil discoveries in the past decade, as well as the Gulf of Mexico, Suriname and Nova Scotia.

Hess aims to attract, retain and energize the best people by investing in their professional development and providing them with challenging and rewarding opportunities for personal growth. We are always looking for talented professionals who share our values and are passionate about making a difference in the world and in their careers. We strive to meet the highest standards of corporate citizenship by protecting the health and safety of our employees, safeguarding the environment and creating a long-lasting, positive impact on the communities where we do business.

For more information about Hess Corporation, please visit our website at Hess.com.

Position Overview

The Cyber Field Technician role is responsible for ensuring compliance with the HESS Process Control Domain (PCD) Cybersecurity Policy and Standards and protecting the HESS PCD from an evolving cyber threat landscape. The HESS PCD Cybersecurity Policy defines guiding principles for implementing, maintaining, and operating networks and systems for a secure PCD.

The Cyber Field Technician will assist and perform Tier 3 assessments with Technical Authorities to ensure compliance of PCD Elements and develop remediation plans in conjunction with the Technical Authorities and the Cybersecurity team for deficiencies. The Cyber Field Technician will work with operational personal and the Asset Operational Technology team to communicate necessary remediation outages and follow the MOC process for implementation. The Cyber Field Technician will assist in managing access control processes and the identity lifecycle for PCD elements.

Responsibilities & Duties

• Ensure compliance with the Process Control Domain (PCD) Cybersecurity Policy and Standards.
• Manage logical access to PCD Elements through the entire identity life cycle including onboarding, offboarding, access permissions, and

password rotation.
• Remediate PCD Element vulnerabilities through patching and configuration (i.e., firmware, operating system, drivers, applications).
• Review PCD Element logs for anomalies, indicators of compromise, or other events of note.
• Facilitate site specific cybersecurity incident response for the PCD.
• Maintain and manage PCD network perimeter and segmentation through firewall administration.
• Standardize and maintain PCD element configurations.
• Maintain and update endpoint protection (i.e. antimalware) capabilities on PCD Elements
• Create, maintain and test Disaster Recovery Plans (DRP) for PCD elements and applications
• Create and maintain PCD asset and facility documentation, such as specifications, for asset or facility cybersecurity controls aligning with PCD

Cybersecurity Policy and Standards.
• Assist and participate in cybersecurity awareness for site specific and enterprise program to ensure an PCD users are mindful.
• Participate in cybersecurity planning, governance, and risk management activities with technical authority.
• Manage PCD Elements including server, network devices, and application life cycle ensuring PCD elements are under support and critical

spares are available.

Experience/Skills
• Experience with the following:

• Oil and Gas experience preferred
• Knowledge experience of AB PLCs and Factory Talk products
• Controls domain/OT experience strongly preferred (not strictly IT experience)
• Industrial Control Systems (i.e. DCS, ESD, SIS, PLC, HMI, SCADA)
• Networking Fundamentals (i.e. Routing, Switches, IP Management)
• Firewall Administration (i.e. Palo Alto, Juniper)
• Microsoft Windows Server Administration
• Vmware ESXi & vCenter
• Antimalware applications (i.e., McAfee)

• Cybersecurity Fundamentals (i.e. Security+)
• Excellent writing and verbal communication skills
• Knowledge of safety requirements and practices

Qualifications:

• Associates or Engineering Degree preferred
• Clean driving license preferred
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or, Certified in Risk and Information Systems Control (CRISC) accreditation preferred

Education & Training
• High school diploma or equivalent required
• Associates or technical degree preferred
• Must have valid driver’s license

Core Behaviors
• Continuous Improvement – 30%
• Process Execution – 40%
• Problem Solving / Decision Making – 25%
• Leadership / Coaching – 5%

Work Environment
• Field Time (“go see”, meetings/collaboration) – 75%
• Desk Time (admin, invoices, data analysis, emails) – 25%

Competencies

The Hess Way of Working refers to competencies considered absolute pre-requisites for success. How you deliver results is as important as what you achieve. Every employee is expected to demonstrate the behaviors within these competencies to be considered an effective performer and, ultimately, earn career growth opportunities.

• Builds Trusted Relationships
• Develops Talent
• Creates Effective Teams
• Thinks Strategically
• Inspires Innovation
• Demonstrates Courage
• Drives Continuous Improvement
• Makes Quality Decisions
• Delivers High Performance

Posting Notes: Lisa B Willet | Employee | Field/Plant Operations | United States| North Dakota | Minot | | | | | No | 25978