Published: August 29, 2023
Location: Sheetz Corporate - PITTSBURGH, PA
PRIMARY PURPOSE OF THIS POSITION:
Design, implement, and enforce security policies that protect systems and data from security risks. Responsible for the identification, investigation, and resolution of security events detected by those systems. Tasks may include involvement in the implementation of new security solutions; participation in the creation / maintenance of policies, standards, baselines, guidelines, and procedures; and conducting vulnerability audits and assessments.
ESSENTIAL FUNCTIONS: (other duties may be assigned)
- Support / Execute the implementation of a risk and policy framework via CI/CD pipelines to support the department's accountability in setting risk and security policies, standards, guidelines, processes, and procedures.
- Maintain up-to-date in-depth knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
- Recommend additional security solutions, or enhancements to existing security solutions to improve overall enterprise security.
- Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with industry and company standards.
- Research the use of new or existing tooling or processes to advance the CI/CD ecosystem and the integration of new technologies or processes into existing pipelines, and make recommendations for the purchase of software and hardware solutions for the creation and maintenance of first-class CI/CD pipelines.
- Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (e.g., security tools) or not (e.g., workstations, servers).
- Participate / advise in the design and execution of vulnerability assessments, penetration tests, and security audits.
- Provide call escalation for in-place security solutions to CI/CD pipelines.
- Collaborate with core business partners and other security teams to improve controls via creation of process designs that meet the evolving business needs for customer experience and efficiency.
- Provide risk consulting and/or training to business and technical partners to improve the effectiveness of risk management across the enterprise.
REQUIREMENTS: (Equivalent combinations of education, licenses, certifications and/or experience may be considered)
- Bachelor's degree in Computer Science, Engineering or related field required.
- Minimum 3 years' cyber security experience required
- Previous experience with automated application security testing tools required
- Previous coding experience beyond simple scripts is required
- Minimum 1 year experience in IP, TCP/IP, and other network administration protocols preferred
- Minimum 1 year working experience of Windows and Linux systems preferred
- Maintain a continuous personal professional development program; this level requires CISSP certification and commitment to pursue additional training or certifications in risk, security, governance, compliance (e.g., CISSP-ISSEP, CISSP-ISSAP, CISSP-ISSMP, GICSP, GMOB, GCIH, CRCMP, CISA, CGEIT, CRISC, CRMA, CORP, advanced degree)
Tools & Equipment
- General Office Equipment
Sheetz, Inc. is a fast-growing, family-owned, food/convenience company that has been in business since 1952. Sheetz has over 600 locations in Pennsylvania, Ohio, Virginia, West Virginia, Maryland and North Carolina.
Our mission at Sheetz has been to meet the needs of customers on the go. Of course, things have changed over those nearly 70 years. Life is faster and busier, and customers expect us to be there when they need us most. One thing that hasn't changed is our commitment to our customers, our employees and the communities in which we operate. Sheetz donates millions of dollars every year to the charities it holds dear.