ConocoPhillips Enterprise Security Architect in HOUSTON, Texas

Title: Enterprise Security Architect


Job Number: 00RO6

Our Company

ConocoPhillips is the world’s largest independent E&P company based on production and proved reserves. Headquartered in Houston, Texas, ConocoPhillips had operations and activities in 17 countries, $69 billion of total assets, and approximately 11,200 employees as of June 30, 2018. Production excluding Libya averaged 1,216 MBOED for the six months ended June 30, 2018, and proved reserves were 5.0 billion BOE as of Dec. 31, 2017.

Employees across the globe focus on fulfilling our core SPIRIT Values of safety, people, integrity, responsibility, innovation and teamwork. And we apply the characteristics that define leadership excellence in how we engage each other, collaborate with our teams, and drive the business.


The Enterprise Security Architect plays an integral role in defining and assessing the organization's security strategy, architecture and practices. The enterprise security architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.

Responsibilities may include:

  • Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers

  • Develop security strategy plans and roadmaps based on sound enterprise architecture practices

  • Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations

  • Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts

  • Participate in application and infrastructure projects to provide security-planning advice

  • Provide input to security procedures and standards

  • Provide input to baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM)

  • Develop practices for data encryption and tokenization in the organization, based on the organization's data classification criteria

  • Ensure a complete, accurate and valid inventory of all systems, infrastructure and applications that should be logged by the security information and event management (SIEM) or log management tool

  • Coordinate with Development/DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO

  • Coordinate with the privacy officer or office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)

  • Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable

  • Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems

  • Review network segmentation to ensure least privilege for network access

  • Liaise with the Supply Chain team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data:

  • Software as a service (SaaS) providers

  • Cloud/infrastructure as a service (IaaS) providers

  • Managed service providers (MSPs)

  • Payroll providers

  • Evaluate the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assess the providers' SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for security-related deficiencies and required "user controls" and report any findings to the CISO and vendor management teams

  • Liaise with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls

  • Support the testing and validation of internal security controls, as directed by the CISO or the internal audit team

  • Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics

  • Coordinate with operational and facility management teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems

  • Liaise with other architects, security architects and security practitioners to share best practices and insights

  • Liaise with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs



  • Legally authorized to work in the United States

  • Bachelor's degree in Computer Science, Information Technology, MIS or other related technical discipline

  • 10 years of IT experience

  • 5 years of IT security experience


  • Intermediate proficiency using architecture methodologies such as SABSA, Zachman and/or TOGAF

  • Direct, hands-on, security experience, including:

  • Managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology

  • Reviewing application code for security vulnerabilities

  • Threat modeling methodologies, with a preferred emphasis on new applications and services.

  • Vulnerability management tools

  • Documented experience and a strong working knowledge of:

  • Designing the deployment of applications and infrastructure into public cloud services.

  • Complete IT infrastructure, including:

  • Applications

  • Databases

  • Operating systems — Windows, Unix and Linux

  • Hypervisors

  • IP networks — WAN and LAN

  • Storage networks — Fibre Channel, iSCSI and NAS

  • Backup networks and media

  • Direct experience designing IAM technologies and services:

  • Active Directory

  • Lightweight Directory Access Protocol (LDAP)

  • Amazon Web Service (AWS) IAM

  • IT service management (e.g., ITIL-related disciplines):

  • Change management

  • Configuration management

  • Asset management

  • Incident management

  • Problem management

  • Takes ownership of actions and follows through on commitments by courageously dealing with important problems, holding others accountable, and standing up for what is right

  • Delivers results through realistic planning to accomplish goals

  • Generates effective solutions based on available information and makes timely decisions that are safe and ethical

To be considered for this position you must complete the entire application process, which includes answering all prescreening questions and providing your eSignature on or before the requisition closing date of December 27, 2018 .

Candidates for this U.S. position must be a U.S. citizen or national, or an alien admitted as permanent resident, refugee, asylee or temporary resident under 8 U.S.C. 1160(a) or 1255(a) (1). Individuals with temporary visas such as A, B, C, D, E, F, G, H, I, J, L, M, NATO, O, P, Q, R or TN or who need sponsorship for work authorization in the United States now or in the future, are not eligible for hire.

ConocoPhillips is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, veteran status, gender identity or expression, genetic information or any other legally protected status.

Job Function: Information Management-Information Technology

Job Level: Individual Contributor/Staff Level


Title: Enterprise Security Architect