Our Information Technology division consists of more than 200 professionals and continues to grow responsibly. The IT Information Security Department is looking to add an Information Security Engineer. The individual in this position will be responsible for supporting the day-to-day security operations, including a broad suite of information security technology and processes. They would be accountable for the availability and integrity of the Company’s monitoring and compliance with IT security policy and the investigation and reporting of security incidents. In addition, this individual will ensure applications, infrastructure and endpoint security components are designed and implemented to the highest standards.
Essential Duties and Responsibilities:
- Analyzes vulnerability scan results and prioritizes vulnerabilities; collaborates with IT partners to mitigate risks to an acceptable level.
- Implements systems for identifying security risks and breaches; implements risk mitigation measures; and collaborates with IT stakeholders on the topic of risk management.
- Analyzes security on applications and services hosted in the public cloud, discovering and addressing security issues and quickly reacting to new threat scenarios within a SecDevOps environment.
- Determines security tool requirements, selection, implementation, and SOP creation and maintenance in collaboration with IT Architecture.
- Implements security strategies that align with standards, procedures and IT strategy.
- Analyzes event anomalies including but not limited to, firewalls, proxy systems, logging, and other security devices; recommends and implements changes to secure Company information.
- Performs threat analytics, partners with external stakeholders, including but not limited to, security organizations, retail benchmarking groups and law enforcements; recommends preventive measures to mitigate data breaches.
- Determines security requirements; review existing and future systems to ensure design and implementation comply with established security standards including public cloud based host systems.
- Creates and maintains security standards and processes, including but not limited to, evolving environments, physical, virtual and hosted; in collaboration with Enterprise Architecture team.
- Identify high-risk architecture and systems; documents reoccurring processes required to maintain posture; analyzes and recommends system enhancements to mitigate risk in collaboration with stakeholders.
- Mentors, coaches and trains Information Security and IT Security Operations teams.
- Stays current on the latest industry technologies, trends and strategies.
- Completes work in a timely and accurate manner while providing appropriate customer service.
- Other duties as assigned.
- This position requires a minimum of 8 years progressively responsible information security experience.
- Corporate retail experience is preferred.
- Minimum of 5 years hands-on experience with security tools including, but not limited to, reverse proxies, intrusion prevention, malware detection, and vulnerability management is required.
- Proven expertise with any combination of the following is essential: secure coding, threat modeling, identity management and authentication, cryptography, penetration testing, authentication and security protocols, system administration and network security is necessary.
- An understanding of Web services and experience with multiple program languages (such as, JSON, Java, C++, Ruby, Python, Perl, etc.) is preferred.
- Expert knowledge of TCP/IP, common protocols and standards is necessary.
- Demonstrated experience analyzing large data sets and unstructured data for the purpose of identifying trends and anomalies indicative malicious activity as well as demonstrated capability to learn and develop new techniques is crucial.
- Proven ability to manage productive relationships with vendors and internal stakeholders is necessary.
- Ability to proactively educate stakeholders on security best practices is essential.
- Expert ability to communicate across all levels of the organization, present complex ideas concisely and clearly articulate technical ideas to a non-technical audience both verbally and in writing is necessary.
- Proficiency with Microsoft office, including skills with Word, Excel, PowerPoint and Visio is required.
- Ability to identify complex problems, review information to develop and evaluate options then recommend solutions is essential.
- Expert collaboration, influencing and negotiation skills are required.
- The ability to work efficiently and accurately under pressure, meet deadlines, present a professional demeanor and work well independently is essential.
- Troubleshooting and organizational skills with a can-do attitude and the ability to adjust to changing requirements are essential.
- Proven customer service skills including the ability to manage and respond to different customer situations while maintaining a positive and friendly attitude is essential.
- Maintaining confidentiality, treating others with respect and upholding Company values are key attributes.
This position requires a Bachelor’s Degree in Computer Science, Engineering, Criminal Law or other related field, or equivalent work experience. Security certifications such as GIAC, GSEC, GCED, or CISSP are required.