Cloud Security Ops Analyst

About ConocoPhillips ConocoPhillips is one of the world’s largest independent exploration and production companies, based on proved reserves and production of liquids and natural gas. We operate in 13 countries and are guided by our SPIRIT values: safety, people, integrity, responsibility, innovation, and teamwork. Job Summary The Cloud Security Ops Analyst is responsible for the design, implementation, and maintenance of security policies for cloud-based platforms and services, and for supporting and enhancing the cloud security policy platform. This role ensures that cloud environments comply with regulatory requirements, industry standards, and best practices for information security. The analyst collaborates with cross‑functional teams (IT Security, Cloud Architecture, Cloud Engineering, and Release Engineering) to identify risks, develop mitigation strategies, and enable secure cloud adoption across the organization, while also managing and optimizing the policy platform to facilitate seamless policy deployment and enforcement. Delivering a secure, agile cloud computing environment is foundational for our Digital Strategy and central to achieving the modernization of our Digital Foundation. Responsibilities Design automated security and compliance controls in collaboration with Cloud Architecture, Engineering, Security Engineering, and IT Security. Review new incoming cloud services for shift‑left and guard‑right security controls to be implemented. Periodically review existing cloud services to adjust, create, or retire controls. Monitor, report, and assign actions to responsible teams as outcomes of cloud security scans from Wiz, Azure Security Center, Amazon GuardDuty, Cloud Custodian, etc. Troubleshoot, diagnose, and fix issues with existing security controls in conjunction with respective teams. Stay current on security issues impacting cloud services, assess impact to customers of existing services, and identify use cases for new security solutions. Manage the review of identified security exceptions/deviations in conjunction with Cloud Architecture. Provide guidance and training to staff on cloud security best practices and policy adherence. Enable the advancement of the cloud vision and strategy for ConocoPhillips. Key Relationships Digital Hosting Teams, including Engineering & Automation, Architecture & Security. IT Security Team, including Security Architecture, Security Operations, IT Governance. Business & Technical Capability Teams, including Release Engineering, Capability Owners, Product Managers and Product Owners. Success Profile Drives Performance: Delivers positive results through realistic planning to accomplish goals. Partners Collaboratively: Builds positive relationships based on trust and seeks collaboration across organizational boundaries to achieve goals. Leads Change: Drives thoughtful and pragmatic change, inspires innovative thinking and continuous improvement, and models adaptability through resourcefulness, flexibility, and positivity. Takes Accountability: Takes ownership of actions and follows through on commitments by holding others accountable and standing up for what is right. Required Qualifications Legally authorized to work in the United States. 3 or more years of Information Technology experience. 1 or more years of experience with major cloud providers, either Azure or AWS. 1 or more years of experience with IT security controls, their design, implementation, or operation. Willing and able (with or without reasonable accommodation) to work in a distributed/remote team environment where members may be in different physical locations and time zones. Preferred Qualifications Bachelor’s degree or higher in Information Security, Computer Science, Information Technology, Management Information Systems, or a related technical field. Relevant certifications (e.g., CCSP, CISSP, AWS Certified Security Specialty) are highly desirable. Experience in securing IT systems in cloud-based architectures and corporate environments. Experience implementing CI/CD and automation. Understanding of IT development practices and languages. Familiarity with regulatory frameworks (e.g., GDPR, HIPAA, PCI DSS) and cloud security standards (e.g., NIST, ISO/IEC 27017). Hands‑on experience supporting or administering a cloud security policy platform. Experience with cloud security tools (Wiz, etc.), monitoring solutions, risk assessment methodologies, and cloud security policy platforms. Ability to analyze complex technical concepts and translate them into effective policies and procedures. Experience with audits against security controls. Good analytical skills and problem‑solving ability. Very good communication, listening, and teaching skills. Ability to work with limited direction. Project management experience in cloud security initiatives. Benefits Overview Medical, dental, vision, mental health support, and wellness programs. Competitive base pay, annual performance bonuses, and retirement savings plans. Paid time off, paid parental leave, and family support resources. Access to training, mentoring, and internal career mobility tools. Peer‑nominated awards, inclusive culture, and employee resource groups. EEO Statement In the US, ConocoPhillips is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, veteran status, gender identity or expression, genetic information, or any other legally protected status. #J-18808-Ljbffr