IT Security Specialist - Security Operations Center (SOC)

Murphy Oil Corp

Houston, TX

JOB DETAILS
SKILLS
Access Control, Applications Security, Authentication, Automation, Best Practices, CISSP - Certified Information Systems Security Professional, Campaigns, Cloud Applications, Cloud Computing, Computer Science, Computer Security, Control Systems, Corrective Action, Cryptography, Customer Support/Service, Data Processing, Documentation, E Programming Language, Emerging Technology, English Language, Establish Priorities, Firewalls, Follow Through, GCFA - GIAC Certified Forensic Analyst, GCIH - GIAC Certified Incident Handler, Help Desk, Homeland Security, Honeypots, Hunting, IR (Infrared), ISA Standards, ISO (International Organization for Standardization), Incident Management, Incident Response, Information Technology & Information Systems, Intel Product Family, International Electro-Technical Commission (IEC), Internet Security, Internet of Things, Intrusion Detection Systems, Intrusion Prevention Systems, Law Enforcement, Leadership, Legal, Maintain Compliance, Mentoring, Metrics, Microsoft Product Family, Microsoft Visual Basic, Microsoft Windows Azure, Multitasking, Network Administration/Management, Network Security, Offshoring, Oil and Gas, On Call, Operating Systems, Operational Support, Operations, Operations Management, Organizational Skills, Penetration Testing, Performance Analysis, Performance Metrics, Perl Programming Language, Phishing, Physical Demands, Process Development, Project/Program Management, Public/Media/Press/Analyst Relations, Python Programming/Scripting Language, Ransomware, Reporting Dashboards, Resource Management, Risk, SQL (Structured Query Language), Schedule Development, Scripting (Scripting Languages), Security Analysis, Security Architecture, Security Attacks, Security Information and Event Management (SIEM), Security Monitoring, Security Patches, Service Level Agreement (SLA), Standard Operating Procedures (SOP), Supervisory Control and Data Acquisition (SCADA), Supply Chain, Systems Administration/Management, Team Player, 
Technical Leadership, Technical Strategy, Threat Modeling, Time Management, U.S. National Institute of Standards and Technology (NIST), United States Citizenship and Immigration Services (USCIS), Use Cases, Viruses, Windows PowerShell
LOCATION
Houston, TX
POSTED
1 day ago

Career Opportunities: IT Security Specialist - Security Operations Center (SOC) (5230)

Requisition ID 5230 - Posted 07/03/2026 - United States - Texas - Houston - IT


At Murphy Oil Corporation, we believe the rich experiences and backgrounds of our employees strengthen our Company, create a productive workforce, and drive our success. We encourage you to apply for the positions for which you meet the qualifications.

Job Summary

Murphy Oil Corporation is looking for an IT Security Specialist to support our growing Global Cybersecurity team. The ideal candidate is an experienced and dynamic individual who will serve as the lead for our Security Operations Center (SOC) function. This critical role involves overseeing the detection and response to cyber incidents, managing daily SOC operations, maturing the SOC capability, leading and mentoring specialists, and supporting our expanding Global Cybersecurity team. Given Murphy's oil and gas operations, this role also carries awareness-level accountability for operational technology (OT) and industrial control system (ICS) cybersecurity risk, working in coordination with OT/OT Security teams. The right candidate is passionate about learning and exploring new areas, keeping up with breaking cyber security incidents/events/vulnerabilities/best practices, designing solutions, and working with stakeholders in the business, internal IT, Operations, and 3rd party service providers, to securely enable the business.

The IT Security Specialist will work in our Houston Corporate office and may work two (2) days a week remote.

Responsibilities

  • Contribute to cybersecurity vision, roadmap, and execution plan
  • Lead and mature the enterprise incident response process including updating the plan, documenting playbooks, facilitating cyber drills, coordinating with Incident Response vendors, setting up alternate communication channels, implementing automation in IR process to reduce response time, etc.
  • Respond immediately to any security-related incidents (e.g., data breaches, viruses, phishing scams) and perform/lead cyber incident triage, including determining scope, urgency, potential impact, and materiality, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
  • Oversee the day-to-day operational support of the SOC, including leading the weekly SOC Incident review meetings, handling and prioritizing help desk tickets, incidents, and cases. This role maintains direct oversight of the cyber service desk queue and is accountable for queue hygiene, SLA reporting, and driving corrective action when SLA targets are missed.
  • Oversee On-Call support capability and provide On-Call support ensuring timely response in remediating critical incidents after hours and weekends. This role owns the on-call support function end-to-end: maintaining a current on-call schedule, ensuring all on-call personnel understand their roles and escalation paths, monitoring that after-hours and weekend incidents are acknowledged and responded to within defined SLAs, and conducting post-incident reviews when response timeliness falls short of expectations.
  • Collaborate with service desk and infrastructure teams to deploy critical security patches in a timely manner, formalize vulnerability management program and introduce automation.
  • Collaborate with the Head of IT Security to implement security architecture best practices within incident response and daily SOC activities
  • Support the Head of IT Security by providing leadership and guidance to the cybersecurity team in managing day-to-day operations and responding to incidents.
  • Establish scoring and grading metrics to measure effectiveness of the SOC
  • Establish relationships between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, public relations professionals)
  • Keep current with latest cyber security developments, threat intel, attack methods, emerging tools/technologies/strategies, and disseminate across IT
  • Lead special projects as assigned
  • Oversee SIEM use case development and alert tuning in partnership with the managed SOC/MDR provider; identify automation opportunities and work to eliminate false positive noise and detection gaps.
  • Lead proactive threat hunting activities, either directly or through coordination with the MDR partner, to identify threats that evade automated detection; document findings and translate results into new detection logic.
  • Develop, schedule, and facilitate cybersecurity tabletop exercises and simulations for SOC staff, IT leadership, legal, and relevant business stakeholders; track findings and drive remediation of identified process gaps.
  • Define, track, and report on SOC key performance indicators (KPIs) and security metrics dashboards for IT leadership and executive audiences, including mean time to detect (MTTD), mean time to respond (MTTR), and vulnerability remediation SLA compliance.
  • Oversee application security coordination responsibilities within the vulnerability management program: track findings from DAST/SAST scans and penetration tests, partner with development and IT teams to prioritize and remediate application-layer vulnerabilities.

Licenses/Certifications

  • CISSP, GCIH or GCFA certification
  • Preferred for oil and gas sector: GICSP (Global Industrial Cyber Security Professional) or ICS/OT security certification (e.g., CSSA, ISA/IEC 62443 certificate)

Qualifications/Requirements

  • Bachelor's degree in cyber security, Computer Science, or a related Information Technology field
  • Minimum 15 years' experience in cyber security with 2 years' experience in working in a Security Operations Center (SOC)
  • Hands-on experience investigating (potential) security incidents including analyzing high volumes of logs, network data and other attack artifacts
  • Hands-on experience documenting Incident Response plans, playbooks and SOPs in line with security best practice standards such as NIST, SANS, etc.
  • Knowledge of incident categories, incident responses, and timelines for responses
  • Knowledge of security best practice standards such as NIST CSF, NIST 800-53, ISO 27001, etc.
  • Familiarity with a standardized incident response framework (SANS/NIST)
  • Knowledge of different classes of attacks (e.g., passive, active, insider, distribution attacks)
  • Knowledge of cyberattack vectors and stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, etc.)
  • Knowledge of penetration testing principles, tools, and techniques
  • Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection)
  • Knowledge of Cyber Kill Chain methodology, and/or MITRE ATT&CK framework
  • Able to manage multiple projects and initiatives concurrently
  • Ability to work independently and with others
  • Highly organized with strong time-management skills
  • Basic awareness of operational technology (OT) / industrial control system (ICS) security concepts, including the difference between IT and OT threat models and the applicability of standards such as NIST 800-82 or ISA/IEC 62443

The individual is required to follow all applicable safety precautions. Work is performed almost entirely in a controlled (i.e., inside) environment and does not typically subject the incumbent to any hazardous/extreme elements; some positions may require regularly moving or transporting items weighing up to 25 lbs. around the office for various needs. The successful candidate must be able to complete all essential physical requirements of the job with or without reasonable accommodation.

Desired/Preferred Qualifications

  • Minimum 2 years' experience working in a managed SOC environment
  • Experience leading a SOC (with both onshore and offshore resources)
  • Hands-on cyber incident response experience including prior experience responding to large scale incidents such as a Ransomware attack, supply chain attack, or data breach
  • Experience with industry leading SIEM platforms such as Google Chronicle SIEM, Azure Sentinel
  • Strong experience with Microsoft 365 Defender suite (Defender for Identity, O365, Endpoints, Cloud App Security, Conditional Access), Azure Defender suite (Defender for Cloud, Servers, App Service, Storage, SQL, Kubernetes, Resource Manager, IoT, Key Vault), Microsoft Purview Compliance Manager, and Intune
  • Experience deploying Security Orchestration, Automation and Response (SOAR) Solutions
  • Experience in writing scripts (e.g., PowerShell, PERL, Python, KQL, VBS) to perform tasks like parsing large data files, automating manual tasks, and fetching/processing data
  • Experience working within Oil/Gas industry
  • Knowledge of network security implementations (e.g., host-based IDS, IPS, access control lists), including their function and placement in a network
  • Knowledge of system administration, network, and operating system hardening techniques
  • Experience with proactive threat hunting methodologies and tools (e.g., hypothesis-driven hunting using MITRE ATT&CK, behavioral analytics, or TIP platforms); ability to translate threat intelligence into actionable hunting campaigns
  • Hands-on experience with detection engineering: writing and tuning SIEM detection rules, developing SOAR playbooks, and reducing alert fatigue through use case optimization
  • Experience with OT/ICS cybersecurity environments in oil and gas, energy, or critical infrastructure; familiarity with Purdue Model, OT network segmentation, or SCADA security concepts is a plus
  • Experience defining and reporting on SOC performance metrics (MTTD, MTTR, SLA adherence, false positive rate) to IT leadership and executive stakeholders

#LI-Hybrid

PURPOSE

We believe in providing energy that empowers people.

MISSION

We challenge the norm, tap into our strong legacy and use our foresight and financial discipline to deliver inspired energy solutions.

VISION

We see a future where we are an industry leader who is positively impacting lives for the next 100 years and beyond.

VALUES & BEHAVIORS

Do Right Always

  • Respect people, safety, environment and the law
  • Follow through on commitments
  • Make it better

Think Beyond Possible

  • Offer solutions
  • Step up and lead
  • Don't settle for "good enough"
  • Embrace new opportunities

Stay With It

  • Show resilience
  • Lean into challenges
  • Support each other
  • Consider the implications

_____

Murphy Oil Corporation participates in the Department of Homeland Security U.S. Citizenship and Immigration Services' E-Verify program. Please read the E-Verify Notice-English / E-Verify Notice-Spanish and Right to Work Notice before proceeding with your job application.

For additional information, you may also visit the USCIS website.

Murphy Oil Corporation is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, and status as a protected veteran, or any other category protected by federal, state or local laws.

EEO is the Law Poster

EEO is the Law Supplement
