Published: September 3, 2022
Location: Sheetz Corporate - Altoona, PA
The Sheetz Application Security team is responsible for assessing the security of software and systems developed by Sheetz engineers. AppSec Analysts leverage threat models for each application to evaluate risks and to assist in their remediation or mitigation through collaboration with the development and operations teams. Team members conduct these efforts via industry standard tooling across static and dynamic assessment, in accordance with OWASP frameworks. The application team is also responsible for various compliance checks, including secure development training, SDLC security, and facilitation of penetration testing. To accomplish these goals, AppSec Analysts work in frequent collaboration with our development teams and managers throughout Sheetz IT.
PRIMARY PURPOSE OF THIS POSITION:
The IT Security Analyst I will assist in the design, implementation, and enforcement of security policies that protect systems and data from security risks. Tasks may include involvement in the implementation of new security solutions; participation in the creation / maintenance of policies, standards, baselines, guidelines, and procedures; and conducting vulnerability audits and assessments.
ESSENTIAL FUNCTIONS: (other duties may be assigned)
* Support the implementation of a risk and policy framework including distribution and maintenance of information security and related policies, as assigned by more senior RISC personnel. Implementation should support the department's accountability in setting risk and security policies, standards, guidelines, processes and procedures
* Maintain up-to-date basic knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors
* Assist with the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with industry and company standards.
* Support activities on projects and work streams as assigned
* Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (e.g. security tools) or not (e.g. workstations, servers)
* Monitor all in-place security solutions for efficient and appropriate operations.
* Participate in the design and execution of vulnerability assessments, penetration tests, and security audits.
* Act as initial contact point for end users / other IT staff for in-place security solutions
* Research and write security, risk, and compliance reports indicating the existence of, and effectiveness of, information technology related controls
* Support the design of elements of the information security management system (ISMS) that provides a standard, formal, and continuous approach consistent with NIST and ISO.
* Provide evening and weekend "on call / issue" support as needed. Sheetz is open 24/7/365 and, as such, our internal and external customers may require support at any time.
REQUIREMENTS: (Equivalent combinations of education, licenses, certifications and/or experience may be considered)
* A four-year degree in Computer Science, Engineering, or related field required.
* No previous experience required
* Prior internship within RISC preferred
* Maintain a continuous personal professional development program; this level requires CISSP certification and commitment to pursue additional training or certifications in risk, security, governance, compliance (e.g., CISSP-ISSEP, CISSP-ISSAP, CISSP-ISSMP, GICSP, GMOB, GCIH, CRCMP, CISA, CGEIT, CRISC, CRMA, CORP, advanced degree)
Tools & Equipment
* General Office Equipment
Sheetz, Inc. is a fast-growing, family-owned, food/convenience company that has been in business since 1952. Sheetz has over 600 locations in Pennsylvania, Ohio, Virginia, West Virginia, Maryland and North Carolina.
Our mission at Sheetz has been to meet the needs of customers on the go. Of course, things have changed over those nearly 70 years. Life is faster and busier, and customers expect us to be there when they need us most. One thing that hasn't changed is our commitment to our customers, our employees and the communities in which we operate. Sheetz donates millions of dollars every year to the charities it holds dear.