Analyst, Cybersecurity Threats & Risks

Description

Enterprise Products Partners L.P. is one of the largest publicly traded partnerships and a leading North American provider of midstream energy services to producers and consumers of natural gas, NGLs, crude oil, refined products and petrochemicals. Our services include: natural gas gathering, treating, processing, transportation and storage; NGL transportation, fractionation, storage and import and export terminals; crude oil gathering, transportation, storage and terminals; petrochemical and refined products transportation, storage and terminals; and a marine transportation business that operates primarily on the United States inland and Intracoastal Waterway systems. The partnership's assets include approximately 50,000 miles of pipelines; 260 million barrels of storage capacity for NGLs, crude oil, refined products and petrochemicals; and 14 billion cubic feet of natural gas storage capacity.


Implement and support leading technologies as a member of Enterprise Products' IT team. Gain valuable experience with exposure to challenging and dynamic projects in all aspects of our business. Join our highly experienced network of professionals and connect with our creative team.

The Cybersecurity Threats & Risk Analyst will work within the IT Security & Compliance organization to identify, analyze, and help mitigate cybersecurity risks and threats affecting the organization's systems, data, and operations. The ideal candidate will be responsible for assessing cyber risk and monitoring threat actor activity by analyzing security events, vulnerability data, threat intelligence, and security control effectiveness across infrastructure, applications, cloud, endpoint, and data environments. This person will work closely with cyber engineering, cyber architecture, cyber operations, and risk management teams to support detection, investigation, and response efforts, while contributing to a broader understanding of the organization's risk posture and threat landscape. They will also collaborate with IT and business teams to support remediation efforts, improve security visibility, and strengthen day-to-day security operations.


Other responsibilities include, but are not limited to:

• Participate in cyber risk and threat analysis activities, including risk assessments, threat monitoring, threat modeling, vulnerability analysis, and evaluation of security control effectiveness.
• Analyze security alerts, threat intelligence, vulnerability data, and logs to identify potential threats, control gaps, and emerging risks.
• Document risk findings, threat activity, investigation results, and remediation recommendations in accordance with established risk management standards.
• Support threat investigations and incident response efforts through analysis, evidence collection, and impact assessment.
• Conduct and support vulnerability and threat assessments, including tracking risks and validating remediation efforts.
• Assist with third-party and vendor risk assessments by reviewing documentation and identifying potential risk exposures.
• Develop and document assessment procedures, test cases, and validation steps used to evaluate security controls.
• Support the validation and maintenance of security and risk tools (e.g., SIEM, vulnerability scanners, threat intelligence, GRC tools).
• Identify opportunities to improve threat visibility, risk detection, and analytical workflows.
• Perform root cause analysis for security incidents, control failures, or recurring threat patterns.
• Adhere to change management, incident handling, and security governance policies.
• Monitor environments during significant changes or maintenance activities for potential risk or threat impact.
• Prepare risk and threat summaries for review by senior analysts, managers, and cross-functional teams.
• Collaborate closely with cyber engineering, architecture, and operations teams to support remediation and control improvements.

Qualifications

The successful candidate will meet the following qualifications:

• A college or technical school degree is preferred.
• Experience working in enterprise IT or security environments with diverse technologies and integrations.
• Foundational knowledge and experience in cyber risk and threat analysis concepts, threat detection and vulnerability assessments, as well as common security controls across infrastructure, applications, cloud, endpoint, and data environments.
• Working knowledge of security tools and platforms such as SIEM, vulnerability scanners, threat intelligence platforms, or GRC tools.
• Understanding of common threat frameworks and methodologies (e.g., NIST, MITRE ATT&CK).
• 2-5 years of applicable professional experience that substantially includes the following:
• Cyber threat analysis, vulnerability assessment, or security operations support.
• Reviewing and analyzing security alerts, logs, and threat intelligence.
• Documenting risk findings, investigations, and remediation recommendations.
• Experience supporting incident response, investigations, or post-incident analysis is preferred.
• Experience assisting with third-party or vendor risk assessments is preferred.
• Strong analytical and problem-solving skills, with attention to detail and the ability to identify patterns and anomalies.
• Ability to clearly document findings and communicate technical information to senior analysts and cross-functional partners.
• Self-motivated and able to work with limited supervision while following established procedures.
• Strong organization and time management skills, with the ability to manage multiple tasks and priorities.
• Willingness and ability to learn new tools, technologies, and threat techniques as the threat landscape evolves.
• Ability to work and contribute effectively in a team environment to support overall security and risk management objectives.
• Relevant cybersecurity certifications are preferred (e.g., Security+, CySA+, GSEC, GCIH, or similar).