Share this Job

Location Name: Findlay, OH or San Antonio, TX
Job/Requisition ID: 62689
Education Level: Bachelor's Desired 
Relevant Experience Level: Mid Career (4-10 Years) 
Employee Group: Regular - Full Time
Employee Subgroup: Salaried Exempt



The Senior Cybersecurity Threat Analyst (Threat Analyst) is a highly critical role tasked with analyzing threat intelligence and managing threat modeling and threat hunting exercises. The threat analyst is responsible for leading and conducting research associated with techniques, tactics and procedures related to threat actor groups and campaign activity.  A thorough understanding of the current threat landscape and emerging threats is necessary. The Threat Analyst will join the Threat and Vulnerability Management team and will work closely with the cybersecurity operations center (CSOC) and other cybersecurity domains.  The threat analyst is responsible for operating a formal threat program including intelligence processing and analysis, threat modeling and scoping threat hunting exercises.



  • Collects and aggregates raw threat intelligence from internal and external sources, including outputs from threat modeling exercises, data from detection technology, and results from threat hunting campaigns.
  • Conducts threat modeling exercises by leveraging threat intelligence with knowledge of known vulnerabilities and business risk to understand how specific threats affect the company.
  • Regularly produces and disseminates actionable intelligence briefings to key stakeholders in various formats.
  • Perform threat analysis using common threat intelligence frameworks such as but not limited to the Cyber Kill Chain and MITRE ATT&CK Framework
  • Tracks industry specific adversaries and leverages the MITRE ATT&CK Framework to model their tactics, techniques and procedures.
  • Responsible for understanding the insider threat landscape and applying innovative solutions to mitigate insider threats.
  • Identify patterns, trends, and events in threat actor TTPs and campaigns and make recommendations to CSOC and Vulnerability Management teams for proactive threat mitigation.
  • Utilize threat intelligence platform(s) to understand adversary tools, techniques, procedures, threat actors and campaigns.
  • Support and execute initial research and discovery analysis to form threat hunt hypothesis and desired outcomes. 
  • Orchestrates threat hunts in coordination with the CSOC to prove hunt hypothesis and determine if existing detection tools capabilities were evaded.
  • Provide hands on intelligence support during Incident Response activities.



  • 4+ years’ combined experience in one or more of the following areas; cyber threat intelligence, incident response, security operations teams, or malware analysis.
  • Experience in performing threat research and analysis to collect intelligence on the threat landscape, using sources such as open-source security intelligence.
  • Experience in Cyber Threat Intelligence and experience conducting threat modeling and familiarity with the intelligence cycle.



  • Excellent written and verbal communication skills and experience working on remote teams.
  • Strong understanding of security operations: perimeter defense, forensics, incident response, kill chain analysis, risk assessment and security metrics.
  • Knowledge and ability to identify threat actor attack methods and track their developments.
  • Demonstrate knowledge of tactics, techniques and procedures associated with malicious Insider threat activity, i.e., fraud, theft, sabotage, espionage, etc.
  • Must be highly analytical, articulate, excellent communication and strong presentation skills with the ability to present threats/risks to non-technical audiences (in a business context).
  • Proven ability to effectively communicate findings and mitigation strategies to stakeholders and develop comprehensive and accurate reports and presentations for both technical and executive audiences.
  • Advanced knowledge of TCP/IP networking, and network services such as DNS, SMTP, DHCP, etc.
  • In-depth understanding of authentication protocols, applied cryptography, key management, PKI and SSL/TLS.
  • Teamwork and ability to promote a working environment that increases collaboration, predictability, transparency and promotes a culture of experimentation, innovation, and taking risks.
  • Understanding security fundamentals and common vulnerabilities such OWASP Top Ten and CIS Critical Security Controls.


About Marathon Petroleum Corporation


Marathon Petroleum Corporation is a leading, integrated, downstream energy company headquartered in Findlay, Ohio. The company operates the nation’s largest refining system with more than 3 million barrels per day of crude oil capacity across 16 refineries. Marathon Petroleum's marketing system includes branded locations across the United States, including Marathon branded outlets. Speedway LLC, a Marathon Petroleum subsidiary, owns and operates retail convenience stores across the United States. MPC also owns the general partner and majority limited partner interest in MPLX LP, a midstream company which owns and operates gathering, processing, and fractionation assets, as well as crude oil and light product transportation and logistics infrastructure.

Travel Expected: Up to 10%


Marathon Petroleum Company LP is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without discrimination on the basis of race, color, religion, creed, sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, age, mental or physical disability, medical condition or AIDS/HIV status, ancestry, national origin, genetic information, military, veteran status, marital status, citizenship  or any other status protected by applicable federal, state, or local laws.  If you would like more information about your EEO rights as an applicant, click here.

If you need a reasonable accommodation for any part of the application process at Marathon Petroleum LP, please contact our Human Resources Department at Please specify the reasonable accommodation you are requesting, along with the job posting number in which you may be interested. A Human Resources representative will review your request and contact you to discuss a reasonable accommodation.

Equal Opportunity Employer: Veteran / Disability

Marathon Petroleum Company LP participates in the E-Verify program in some states in which it operates (including AL, AZ, GA, MS, NC, SC, TN, and UT). For more information before proceeding, please see details in English or Spanish. Right to Work Statement English or Spanish.

To view benefit information for Marathon Petroleum Corporation please visit

Nearest Major Market: San Antonio

Job Segment: Cyber Security, Open Source, Security, Technology