Share this Job
Apply now »
Apply now

Apply for Job

Company Name: MarkWest Energy Partners, L.P.  
Location Name: DenverCO
Location Address: 1515 Araphaoe St Twr1 Ste 1600, Denver, CO, United States (US), 80202
Education Level: Master's Desired 
Relevant Experience Level: Mid Career (4-10 Years) 
Employee Group: Regular - Full Time
Employee Subgroup: Salaried Exempt


The Enterprise Security Architect plays an integral role in defining and assessing the MarkWest security strategy, architecture and practices. This role will span traditional IT and Operational Technologies (OT). The Enterprise Security Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.


The role of the Enterprise Security Architect demands business insight, technical acuity and the ability to think and communicate (verbal and written) focusing on different audiences throughout the organization (technical and non-technical). This individual must possess both project supervision skills and in-depth technical ability to architect, engineer and operate security processes, solutions and tools.


This is an expert/hands-on role that requires the ability to work in an enterprise environment, where system availability is critical, and the ability to interact across IT, operations and business owners to define security requirements. This role is required to keep up to date on security policy, standards and procedures and to ensure they are consistently followed.




  • Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers, both within traditional IT and Operational Technologies
  • Develop security strategy plans and roadmaps based on sound enterprise architecture practices
  • Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
  • Participate in Security Incident Response and escalated troubleshooting events
  • Ability to get “hands-on” with the organizations’ security tools, when needed
  • Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
  • Participate in application, infrastructure and OT projects to provide security-planning advice
  • Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM)
  • Help develop the organization’s data classification criteria
  • Develop standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria
  • Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application
  • Ensure a complete, accurate and valid inventory of all systems, infrastructure and applications that should be logged by the security information and event management (SIEM) or log management tool
  • Establish a taxonomy of indicators of compromise (IOCs) and share this detail with other security colleagues, including the security operations center (SOC), information security engineers and analysts, as well as other counterparts within IT
  • Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
  • Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems
  • Review network segmentation to ensure least privilege for network access
  • Liaise with the Information Security Compliance and Internal Audit teams to review and evaluate the design and operational effectiveness of security-related controls
  • Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics
  • Coordinate with operational and facility management teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems








  • Education: BS in Computer Science, Information Systems or equivalent required. Masters in Business, Computer Science or Information Security preferred.
  • Professional Certifications: CISSP, CISSP-ISSAP, SANS GSE, SANS GSC, CISM,  or other certification at the discression of the hiring manager is required
  • At least 10 years of experience architecting enterprise security solutions. At least 3 years experience architecting security solutions in the Operational Technology space.
  • At least 7 years of experience with security incident response, including resolving and documenting complex security issues including root cause analysis, prevention and workarounds
  • Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF
  • Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology
  • Direct, hands-on experience or a strong working knowledge of vulnerability management tools
  • Direct working knowledge of operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS)
  • Direct understanding of IT and OT network communication routing and routed protocols (For example: TCP/IP, UDP, OSPF, BGP, EIGRP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.)
  • Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
  • Full-stack knowledge of IT infrastructure:
    • Applications
    • Databases
    • Operating systems — Windows, Unix and Linux
    • Hypervisors
    • IP networks — WAN and LAN
    • Storage networks — Fibre Channel, iSCSI and NAS
    • Backup networks and media
  • Direct experience designing IAM technologies and services:
    • Active Directory
    • Lightweight Directory Access Protocol (LDAP)
    • SAML
  • Strong working knowledge of IT Service Management (e.g., ITIL-related disciplines):
    • Change management
    • Configuration management
    • Asset management
    • Incident management
    • Problem management
  • Knowledge and understanding of relevant legal and regulatory requirements, such as SOX, Department of Homeland Security (DHS), PHMSA and API
  • Knowledge of common information security supervision frameworks, such as the 20 Critical Controls, ITIL, API, PHMSA and those from NIST
  • Experience in the Oil and Natural Gas industry highly preferred


About Marathon Petroleum Corporation

Headquartered in Findlay, Ohio, Marathon Petroleum Corporation (MPC) operates an integrated refining, marketing and transportation system.


MPC is the nation's third-largest refiner, with a crude oil refining capacity of approximately 1.8 million barrels per calendar day in its seven-refinery system. Marathon brand gasoline is sold through approximately 5,500 independently owned retail outlets across 19 states. In addition, Speedway LLC, an MPC subsidiary, owns and operates the nation's second-largest convenience store chain, with approximately 2,730 convenience stores in 21 states.


Through subsidiaries, MPC owns the general partner of MPLX LP, a midstream master limited partnership. MarkWest Energy Partners, L.P., a wholly owned subsidiary of MPLX LP, is one of the largest processors of natural gas in the U.S. MPC owns, leases or has ownership interests in approximately 10,800 miles of crude and light product pipelines and more than 5,600 miles of gas gathering and natural gas liquids (NGL) pipelines.


MPC's fully integrated system provides operational flexibility to move crude oil, NGLs, feedstocks and petroleum-related products efficiently through the company's distribution network and midstream service businesses in the Midwest, Northeast, East Coast, Southeast and Gulf Coast regions.


Job Function: MarkWest
Travel Expected: None


If you have visited our site in search of information on U.S. employment opportunities and require an accommodation to submit your application, please contact the MPC EEO/Compliance Office at 866-492-7802. Note that we only accept resumes and applications for posted positions.

Marathon Petroleum Company LP (“MPC”) is an equal employment opportunity employer.  All applicants will be considered without regard to their race, color, religion, sex, age, disability, national origin, sexual orientation, genetic information, gender identity, veteran status or other legally protected status.

Nearest Major Market: Denver

Job Segment: Developer, Information Systems, Computer Science, Risk Management, Unix, Technology, Finance

Apply now »
Apply now

Apply for Job

Find similar jobs: