|Company||Grocery Outlet Inc.|
|Location||Emeryville, CA, USA|
|Preferred GIAC Certifications||GSEC,GCIH,GCCC|
|Contact Name||Corporate Recruiting|
Who we are:
Grocery Outlet (www.groceryoutlet.com) is the leading extreme value retailer in the United States, serving bargain seeking customers since 1946. The Grocery Outlet Bargain Market brand currently includes over 325 independently operated stores in California, Nevada, Oregon, Idaho, Washington and Pennsylvania. Recently publicly traded (NASDAQ:GO), Grocery Outlet generates annual revenues exceeding $2 Billion and employs almost 1000 people across the U.S. Headquartered in Emeryville, California, Grocery Outlet has been family operated for over 70 years and has a rich history of putting customers and employees first.
About the role:
Our Information Security Engineer will play a key role in helping establish our security team at Grocery Outlet by focusing on enhancing the security posture of our corporate infrastructure and the organization. We are looking for an individual who can balance technical and business risk to meet goals and compliance requirements.
Day-to-day responsibilities include:
Partner with various teams on technology initiatives to improve security of our systems and operations.
Document policies, processes and controls
Support audit preparation through review of requirements, evidence collection, and engagement with third-party auditors
Provide recommendations and remediation plans
Evaluate and enforce IT controls, security policies, industry best practices that relate to compliance.
Facilitate scheduled vulnerability scanning, patch management and reporting.
Manage a diverse set of security platforms and generate reports for senior leadership consideration.
Operate SIEM and other intelligence systems to monitor the environment for actionable events.
Manage security tools and services for authentication, authorization and other security services.
Participate in monthly, quarterly and annual security and compliance audits by providing evidence and improving the process through tools and automation.
Respond to security incidents and perform remediation and cleanup.
Participate in the security team on-call rotation.
Other duties as assigned.
BS in Computer Science, Information Systems, Math, Physics, or equivalent real-world experience.
3+ years’ experience in Active Directory administration, networking and operating system (OSX, Windows, Linux, mobile platforms) administration, hardening and security fundamentals.
3+ years’ experience implementing and following security frameworks or compliance standards, such as PCI-DSS, CIS Controls, NIST, COBIT, etc..
Certifications or training that demonstrate a commitment to continued professional information security advancement are expected, but not required.
Working knowledge and experience with security such as vulnerability management services, incident response, event monitoring systems, threat management, and others.
Strong CLI and scripting language experience (Python, PowerShell, etc..)
Strong knowledge of DNS, network protocols, firewalls, VPNs, web application firewalls, email security, IPS/IDS, SIEM, DLP, cryptography, application whitelisting and endpoint protection.
Ability to engage and collaborate with employees to leverage security to help the organization succeed.
Excellent verbal and written communication and collaboration skills, including the ability to discuss technical topics with technical and non-technical audiences.
Critical skills and characteristics: Self-starter, strong team collaboration, ability to maintain a trusted role and interface with customers, leadership, sense of accountability, independent decision making ability and overall project coordination skills, relationship building, analytical problem solving and risk identification/mitigation
Experience writing policies and procedures in support of compliance frameworks.
General knowledge of all security and ISO27001 domains.