Shell Manager - Cyber Monitoring - Houston, TX in Houston, Texas

Auto req ID 58487BR

Job Title Manager - Cyber Monitoring - Houston, TX

Country of Work Location United States

City, State (if applicable) Houston, TX

Work Location Houston

Company Description Shell is a global group of energy and petrochemicals companies with over 90,000 employees in more than 70 countries and territories. In the US, we have operated for over a century and are a major oil and gas producer onshore and in the Gulf of Mexico, a recognized innovator in exploration and production technology, and a leading manufacturer and marketer of fuels, natural gas and petrochemicals. We deliver energy responsibly; operate safely with respect to our neighbours and work to minimize our environmental impact. We are in search of remarkable people who will thrive in a diverse and inclusive work environment to deliver exciting projects locally and globally. People who are passionate about exploring new frontiers. Innovators and pioneers. People with the drive to help shape our future. Because remarkable people achieve remarkable things.

Job Description

"As businesses leverage digitalization opportunities, their cyber-attack surface structurally increases, which can lead to business disruptions, data breaches and brand damage. High profile industry incidents show that these risks are real, and this has turned cyber resilience into a topic for Boards.”

As part of the Information Risk Management (IRM) function in Shell, the CyberDefence capability has specific focus on identifying cyber threats, discovery of IT vulnerabilities, monitoring for cyber intrusions and response to security incidents.". Shell Cyberdefence is responsible for defending Shell against advanced Cyber attacks through monitoring for advanced Cyber threats, discovery of vulnerabilities and investigating global Cyber incidents. This organization is part of the Shell ITSO Information Risk Management (IRM) function.

The Monitoring Lead supports Cyberdefence by lead the Detect capability of the Shell’s Cyberdefence department. Being based in the Americas region, this role includes being a local leader for the Americas Cyberdefence staff.

As part of the CyberDefence team, the global Monitoring team has the following main area of focus:

  • To monitor real-time for cyber intrusions based on indicators of compromise or anomalies from normal behaviour and raise security incidents where necessary.

As the lead of this global Monitoring team you are responsible:

  • To lead a global team of CyberDefence Monitoring analysts.

  • Staff development, hiring new staff.

  • To develop and maintain the necessary CyberDefence skills within the team, to continuously improve Shell's Monitoring processes and to plan and develop the necessary technology.

  • To ensure that incidents are raised in a near 24/7 mode where necessary based on "telemetry" data available from IT landscapes or other sources such as the helpdesk.

  • Responsible for enhancement of operational procedures, development of standard operating procedures, and maintenance of documentation

  • Having excellent communication skills, strong organizational skills, and utilization of key performance indicators to support operational excellence

  • Responsible for driving collaboration between multiple stakeholders to provide the best solutions; achieving customer satisfaction and success by focusing on team development, delivery management, and relationship building with customers and partners

  • Support architectural design of, and coordinates the implementation of, security solutions to integrate into the existing IT environment; establish requirements and make recommendations on the appropriate infrastructure protection tools, methods, and technologies

  • Produce Security Operations Daily and Monthly reports for management project statuses and risks/issues.

Real-time Monitoring

  • Ensure continuous monitoring of the Shell IT landscape for cyber breaches, performing triage and analysis of events.

  • Ensure a proper balance between raising suspicious behaviours and raising too many false positives.

  • Together with the Incident Lead and Threat and Analytics Lead create a feedback loop to enhance the monitoring technology.

  • Ensure proper handover takes place between Asia-Pac, Europe and US regions to create a near 24/7 coverage of monitoring.

  • Together with the Incident Lead ensure end to end management of cyber security related incident functions, which include security monitoring, identification, analysis, mitigation and post-incident activity.

  • Lead the team of monitoring analysts, develop and maintain the skills of analysts, provide training, and bring in new talent.

  • Together with Analytics Engineering develop and optimize the technology that is supporting monitoring for information security incidents.

  • Build and manage the relationship with other monitoring teams within our main IT suppliers

  • Continuously improve the security monitoring process.

  • Steer projects in the CyberDefence space that is related to monitoring.

Community Liaison

  • Liaison with the other teams in IRM to drive process improvements.

  • Liaise with IT Operations on situations involving IRM control violations

  • Liaisons with external bodies (FIRST, local CSIRT teams, support CERTs to share information and learnings).


  • Must have legal authorization to work in the US on a full-time basis for anyone other than current employer.

  • Bachelor's degree.

  • Minimum ten (10) years of IT Security related experience, and a minimum of three (3) years in relevant leadership role (e.g. SOC Lead).

  • Proven experience analyzing events/ data feeds for Event Detection, Correlation from monitoring solutions, triage and classify the output using automated systems for further investigation.

  • Proven experience recommending changes to monitoring policies, filters and rules to improve event analysis.

  • Proven experience troubleshooting issues involving SOC operational tools; liaise with SIEM Engineer.

  • Demonstrable experience performing incident response and IT forensic investigations.

  • Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.

  • Incident Management and IT forensics experience, with the ability to communicate effectively at all levels of the organization.

  • Experience in IT investigations and forensic processes.

  • Minimum seven (7) years’ experience in Information Security areas such as Risk management, Security Operations, Incident Response, penetration testing

  • Proven ability to lead teams on large scale investigations.

  • Sound understanding of IT infrastructure and management processes.

  • Demonstrated evidence of Enterprise First values and behaviours.

  • Has at least one relevant certifications such as, CISSP, SANS and preferably:

  • GCIH: GIAC Certified Incident Handler

  • GCIA: GIAC Certified Intrusion Analyst

  • GCFA: GIAC Certified Forensic Analyst

  • GREM: GIAC Reverse Engineering Malware

  • Offensive Security Certified Professional – OSCP Certification

  • Offensive Security Wireless Professional – OSWP Certification

  • Offensive Security Certified Expert – OSCE Certification

  • Offensive Security Exploitation Expert – OSEE Certification

  • Offensive Security Web Expert – OSWE Certification

No. of Positions 1


Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date.

Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Royal Dutch/Shell Group companies around the world.

The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand.

Shell/Motiva participates in E-Verify.

All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, age, religion, disability, sexual orientation, gender identity, protected veteran status, citizenship, genetic information or other protected status under federal, state or local laws.

Shell is an Equal Opportunity Employer - Minorities/Females/Veterans/Disability.

Removal Date 27-Sep-2017