IT Security Engineer

About Us Join us at WinCo Foods, where we're more than just a grocery retailer - we're a growing family of over 140 supermarkets in 10 states with over 22,000 employee owners. Our purpose is to make the lives of our customers and employee owners better by offering the lowest possible prices to feed their families. Currently, WinCo is the second largest Employee-Owned company in the United States. With more than 500 millionaire employee-owners in our Employee Stock Ownership Plan (ESOP). Our benefits, including top-tier medical plans and tuition support set us apart. In your role, you'll be instrumental in making a real impact in the communities we serve, embodying our purpose every day. Overview Job Summary Design, implement and support information security solutions for WinCo Food’s technology environment. Actively monitor current threats and counter-measures, recommend and implement improvements to security architecture and security technology. Ensure ongoing regulatory compliance and the protection of WinCo Food’s payment systems, computer systems, network devices and sensitive data. Collaborate with cross-functional teams to cultivate WinCo Food’s security culture. Consistently provide friendly and engaging customer service to internal and external customers. Perform related work. Typical Duties and Responsibilities Maintain an atmosphere of friendly, enthusiastic customer service with an emphasis on taking care of the customer. Provide exceptional customer service by telephone, email, and in person. Work with other Information Technology (IT) teams to ensure logical and physical security of all systems and data. Identify security gaps or weaknesses, and recommend solutions to reduce risk to the company. Lead initiatives to implement new security solutions. Identify vendors, evaluate tools and implement the solution(s). Establish vulnerability-scanning procedures and work with the necessary teams to prioritize and install patches and security fixes based upon risk and impact. Act as the subject matter expert for IT Security on company technology projects lead by other teams. Develop security protection goals, objectives and metrics consistent with enterprise best practices. Produce periodic reports on security metrics and incidents. Perform log and event analysis of systems and security technologies to identify anomalies and suspicious activity. Develop monitoring and alerting for security technologies including IDS/IPS, firewall, vulnerability scanning, security logging and event management. Respond to security incidents and coordinate response, containment, forensics and mitigation. Conduct information security investigations and threat assessments. Perform maintenance, configuration and support of IDS/IPS, firewall, web proxy, vulnerability scanning, SIEM, and other security technologies. Promote security awareness across the organization through end-user training, knowledge transfer, and documentation of threats and vulnerabilities. Actively research and communicate current threats and attack vectors to IT management. Develop, document and update IT security procedures and policies. Perform on‑call support for security events. Perform other projects and duties as needed and assigned. Requirements Education: Associates degree in IT, Computer Science, or related field AND five (5) years of IT Security or Engineering experience OR equivalent combination (seven (7) years) of education, training, and/or experience demonstrating considerable knowledge of IT security. Experience: At least five (5) years direct experience working in an enterprise technology environment in a security or engineering role. Demonstrating technical working knowledge of design considerations for Firewall, LAN, WAN, WLAN, VPN, Windows Server, Active Directory, DMZs, Certificate (PKI) Infrastructure, Unix/Linux, Virtual Infrastructure, and network protocols. Implementing and managing enterprise security solutions such as antivirus, encryption methodologies, IPS/IDS, Web Content Filtering, Identity and Access Management, email security, and monitoring and alerting. Demonstrating familiarity with security tools used for penetration testing, vulnerability scanning and forensics. Implementing security best practices related to networks, servers, end‑user devices and sensitive information. Hands‑on with log aggregation or SIEM technologies including implementation and support. Understanding of cyber security concepts, principles and industry‑recognized security frameworks such as ISO 27002, NIST, CIS CSC, etc. Hands‑on hardware and software troubleshooting. Demonstrating knowledge of applicable data privacy practices and laws. Exhibiting excellent customer service skills, working well with others and demonstrating professionalism and courtesy in all customer interactions. Working in a team‑oriented, collaborative environment. Ability to: Consistently provide friendly and engaging customer service to internal and external customers. Demonstrate strong organizational skills, initiative and self‑direction to effectively manage time and perform tasks to meet timelines and work quality expectations. Effectively prioritize and execute tasks in a high‑pressure environment. Continually assess WinCo’s security posture, and design and implement solutions for gaps. Learn and apply new/emerging technologies and best practices. Conduct research into IT security issues, products and solutions. Demonstrate strong analytical and problem‑solving abilities while always maintaining attention to detail. Exhibit strong written and oral communication skills. Be highly motivated with a passion for IT Security. Communicate complex, technical, information and ideas to all levels of audiences. Demonstrate excellent interpersonal skills. Be on call to respond to security incidents, including evenings, weekends and holidays as required. Travel up to 10% of the time. Machines and Equipment Operated: Office machines (computer terminal, copier/scanner, fax machine, telephone etc.). Preferred Education, Experience and/or Credentials: Five (5) years direct experience working with enterprise security tools, including at least 3 years of implementing and managing enterprise security tools. Experience with open‑source operating systems and security related tools. One or more industry recognized security certification, such as CISSP, GIAC, Security+, etc. One or more industry recognized technology certification, such as MSCE, CCNA, CCNP, etc. Working knowledge of PCI DSS compliance framework. The above statements are intended to describe the general nature of work performed by the employees assigned to this job. All employees must comply with Company policies and applicable laws. The responsibilities, duties and qualifications required of personnel may vary. EEO/Inclusivity As the WinCo Foods community continues to grow, our variety of perspectives and wide range of experiences are essential to our strategy and success. We are committed cultivating and celebrating an inclusive environment in which all employees are valued and respected. #J-18808-Ljbffr