Join us at WinCo Foods, where we're more than just a grocery retailer - we're a growing family of over 140 supermarkets in 10 states with over 22,000 employee owners. Our purpose is to make the lives of our customers and employee owners better by offering the lowest possible prices to feed their families. Currently, WinCo is the second largest Employee-Owned company in the United States. With more than 500 millionaire employee-owners in our Employee Stock Ownership Plan (ESOP). Our benefits, including top-tier medical plans and tuition support set us apart. In your role, you'll be instrumental in making a real impact in the communities we serve, embodying our purpose every day.

Job Summary

Design, implement and maintain security measures to protect WinCo Foods’ cloud environments and cloud applications (SaaS) from cyber security threats.  Work with existing security tooling to extend those protections to SaaS and cloud environments.  Identify, install and configure new security tools to expand security coverage in WinCo’s cloud environments. Proactively evaluate the security posture and configuration, and manage remediations of vulnerabilities and misconfigurations.  Respond to threat alerts and anomalous activity across cloud environments and SaaS.

 Typical Duties and Responsibilities

• Maintain an atmosphere of friendly, enthusiastic customer service with an emphasis on taking care of the customer. Provide exceptional customer service by telephone, email, and in person.
• Identify security gaps or weaknesses, and recommend solutions to reduce risk to the company.
• Work with other Information Technology (IT) teams to ensure logical and physical security of all systems and data.
• Lead initiatives to implement new security solutions. Identify vendors, evaluate tools and implement the solution(s).
• Establish vulnerability-scanning procedures and work with the necessary teams to prioritize and install patches and security fixes based upon risk and impact.
• Act as the subject matter expert for IT Security on company technology projects lead by other teams.
• Develop security protection goals, objectives and metrics consistent with enterprise best practices.
• Produce periodic reports on security metrics and incidents.
• Perform log and event analysis of systems and security technologies to identify anomalies and suspicious activity.
• Develop monitoring and alerting for security technologies including IDS/IPS, firewall, vulnerability scanning, security logging and event management.
• Respond to security incidents and coordinate response, containment, forensics and mitigation.
• Conduct information security investigations and threat assessments.
• Perform maintenance, configuration and support of IDS/IPS, firewall, web proxy, vulnerability scanning, SIEM, and other security technologies.
• Promote security awareness across the organization through end-user training, knowledge transfer, and documentation of threats and vulnerabilities.
• Actively research and communicate current threats and attack vectors to IT management.
• Develop, document and update IT security procedures and policies.
• Perform on-call support for security events.
• Perform other projects and duties as needed and assigned.

Requirements

Education:

• Associates degree in IT, Computer Science, or related field AND five (5) years of IT Security or Engineering experience OR equivalent combination (seven (7) years) of education, training, and/or experience demonstrating considerable knowledge of IT security.

 Experience:

• At least five (5) years direct experience working in an enterprise technology environment in a security or engineering role.
• Demonstrating technical working knowledge of design considerations for Firewall, LAN, WAN, WLAN, VPN, Windows Server, Active Directory, DMZs, Certificate (PKI) Infrastructure, Unix/Linux, Virtual Infrastructure, and network protocols.
• Implementing and managing enterprise security solutions such as antivirus, encryption methodologies, IPS/IDS, Web Content Filtering, Identity and Access Management, email security, and monitoring and alerting.
• Demonstrating familiarity with security tools used for penetration testing, vulnerability scanning and forensics.
• Implementing security best practices related to networks, servers, end-user devices and sensitive information.
• Hands-on with log aggregation or SIEM technologies including implementation and support.
• Understanding of cyber security concepts, principles and industry-recognized security frameworks such as ISO 27002, NIST, CIS CSC, etc.
• Hands-on hardware and software troubleshooting.
• Demonstrating knowledge of applicable data privacy practices and laws.
• Exhibiting excellent customer service skills, working well with others and demonstrating professionalism and courtesy in all customer interactions.
• Designing and implementing security measures across popular cloud platforms (such as GCP, AWS, and/or Azure)
• Assessing security gaps and risks on cloud platforms and SaaS implementations
• Providing security best practice and implementation recommendations for new cloud applications
• Aligning security design with common security frameworks
• Working in a team-oriented, collaborative environment.

 Ability to:

• Consistently provide friendly and engaging customer service to internal and external customers.
• Demonstrate strong organizational skills, initiative and self-direction to effectively manage time and perform tasks to meet timelines and work quality expectations.
• Effectively prioritize and execute tasks in a high-pressure environment.
• Continually assess WinCo’s security posture, and design and implement solutions for gaps.
• Learn and apply new/emerging technologies and best practices.
• Conduct research into IT security issues, products and solutions.
• Demonstrate strong analytical and problem-solving abilities while always maintaining attention to detail.
• Exhibit strong written and oral communication skills.
• Be highly motivated with a passion for IT Security.
• Communicate complex, technical, information and ideas to all levels of audiences.
• Demonstrate excellent interpersonal skills.
• Be on call to respond to security incidents, including evenings, weekends and holidays as required.
• Travel up to 10% of the time.

 Machines and Equipment Operated:

• Office machines (computer terminal, copier/scanner, fax machine, telephone etc.).

 Preferred Education, Experience and/or Credentials:

• Five (5) years direct experience working with enterprise security tools, including at least 3 years of implementing and managing enterprise security tools.
• Experience with open-source operating systems and security related tools.
• One or more industry recognized security certification, such as CISSP, GIAC, Security+, etc.
• One or more industry recognized technology certification, such as MSCE, CCNA, CCNP, etc.
• Working knowledge of PCI DSS compliance framework.

The above statements are intended to describe the general nature of work performed by the employees assigned to this job.  All employees must comply with Company policies and applicable laws.  The responsibilities, duties and qualifications required of personnel may vary. 

As the WinCo Foods community continues to grow, our variety of perspectives and wide range of experiences are essential to our strategy and success. We are committed cultivating and celebrating an inclusive environment in which all employees are valued and respected.