Information Security Engineer

Job Summary

Plans, coordinates, designs, and implements enterprise information security solutions to ensure Company assets are secure and adhere to security best practices. Performs research and guides the Information Security team on enhancement suggestions, security standards, and existing or potential measures to eliminate/mitigate risk to the enterprise while improving the effectiveness and efficiency of the team.

Essential Duties and Responsibilities

• Understands, interprets, and applies security standards, frameworks, compliance requirements, and comprehensive architecture principals to recommend solutions that meet regulatory, business continuity, and security scalable needs.
• Provides subject matter expertise on security architecture, authentication, and system security.
• Serves as security lead and subject matter expert (SME) on business projects to gather security requirements needed to design, build, document, support, and knowledge transfer security permissions, roles, rules, and configuration to ensure adherence to company and security standards.
• Works with external vendors to plan and deploy solutions, resolve issues, and implement enhancements.
• Researches, plans, designs, and builds solutions that will advance security, such as multi-factor authentication, passwordless authentication, zero trust networking, cloud security architecture, PKI, authorization tokens, identity governance, and data automation.
• Works to implement technical capabilities with application integrations to enhance security risk posture. These implementations include identity, Privileged Access, and Data Governance solutions.
• Builds new APIs (Application Programming Interfaces), services, and frameworks.
• Analyzes security systems and seeks improvements on a continuous basis.
• Fosters a continuous learning mindset to stay updated on emerging threats and technologies.  Reports existing or possible threats to systems and company assets and researches recommendations to eliminate, remediate, or mitigate them.
• Provides leadership and assists in developing security best practices, documenting security standards, and making decisions regarding enterprise security.

Essential Duties and Responsibilities

• Develops and maintains detailed and accurate documentation.
• Builds expertly planned and detailed project plans to be used to communicate key milestones, deliverables, and progress visibility for management.
• Educates business community and promotes security awareness on standards and procedures necessary to protect Company assets.
• Teaches, develops and mentors new and existing team members, providing technical expertise and assistance to other IT and business operations teams.
• Responds to after business hour phone calls and resolves problems as needed.

Knowledge, Skills and Abilities

• Recognized expert in multiple information security specialty areas with cross-functional experience.
• Mastery knowledge of Microsoft Office applications including Excel, Access, Word, Outlook and PowerPoint.
• Mastery ability to demonstrate strong meeting facilitation, verbal and written communication skills, lead productive discussions and drive consensus working with technical and non-technical stakeholders to communicate complex security concepts. 
• Mastery in the preparation of reports and business correspondence.
• Mastery skills in developing to show information in presentation or diagram form.
• Advanced working knowledge of application security provisioning and governance technologies, authentication protocols (i.e. OAuth, SAML), cloud security services, LDAP (Lightweight Directory Access Protocol), and domain structures.
• Advanced knowledge of SAP reporting and transactional applications.
• Advanced knowledge and understanding of relevant regulatory requirements and security frameworks, such as HIPPA, PCI DSS, NIST and ISO.
• Advanced technical aptitude to quickly learn new technologies, systems, methods and processes.
• Advanced ability to analyze complex technical information.
• Advanced ability to research information, establish facts and draw valid conclusions.

Knowledge, Skills and Abilities

• Advanced aptitude to comprehend and interpret information.
• Excellent analytical and problem-solving skills, with the ability to think strategically and act tactically.
• Ability to maintain confidentiality regarding sensitive information.
• Ability to work on-call and flexible schedules including nights, weekends and holidays.
• Proven track record of working independently, prioritizing tasks, and managing multiple projects simultaneously.
• Self-motivated, detail oriented and able to work in a rapidly changing environment.

Education, Experience, and Qualifications

• Bachelor’s Degree in Computer Science, Information Security, or other technology field.
• Relevant professional Security and Project Management certifications, such as PMP, CISSP, CISM, CEH, GIAC, or other related certifications are highly desirable.
• Minimum of eight years of experience in Information Security with progressive experience in designing and implementing security solutions and a minimum of ten years within Information Technology or an equivalent combination of experience and/or higher education (2X the experience listed above if non-degreed) required.
• Proven experience as an Information Security Engineer or similar role in a corporate environment, preferably within the retail or grocery industry.

Physical Demands

• Continuously required to use close vision, distance vision, depth perception or the ability to focus.
• Frequently required to talk and hear.
• Frequently required to use fine finger movements (ex. sorting and typing).
• Frequently required to sit for long periods of time.
• Occasionally required to use hands for reaching, touching or handling.
• Occasionally required to push, pull, maneuver or lift objects up to 40 lbs.
• Occasionally required to bend, kneel or squat.
• Occasionally required to stand or walk.

Work Context and Environment

• Work is generally performed in an office environment.
• Quiet to moderate noise level.