SpartanNash is a value-added wholesale grocery distributor — supplying more than 2,100 independent grocery retail locations throughout the United States — as well as a grocery retailer, with more than 155 corporate supermarkets in nine states. We also serve the military community through our MDV division, in addition to offering premier fresh produce distribution and fresh food processing through Caito Foods and third-party logistics through BRT.
At SpartanNash, relationships matter, and our Corporate team takes that sentiment to heart in the way we work as one totally aligned team, support and respect each other and share the highest standards of excellence. We’re always looking for the next great idea or a new way to approach a challenge, and we collaborate and innovate to achieve our goals.
A day in the life of the Security Engineer Specialist is never the same but, in this role, you will be responsible to lead or participate in the development, design, implementation and maintenance of the Company's security technology, systems and information assets. Participate in the development of, and implement, security procedures and technologies to ensure system security and compliance. Act as a key point of contact and advise team on complex technical issues and resolution of such.
What You’ll Do:
- Lead or participate in the development, design, implementation and maintenance of the Company's security technology, systems and information assets to protect against unauthorized access, modification, or destruction of the Company assets; evaluate and oversee potential security risks and work with internal IT teams, external vendors and cross-functional business partners as necessary.
- Develop, implement and/or maintain a centralized Threat Intelligence, Data Loss Prevention and Monitoring system, an Incident Response system and playbooks to include forensics to safeguard information and data, coordinate with various IT and business areas accordingly.
- Oversee and/or perform vulnerability scanning assessments for devices to verify compliance requirements. Research and provide technical direction to support security technologies including data/security hardware platforms and software systems, IPS/IDS, vulnerability management, security metrics and incident response performance.
- Participate in the development of, and implement, security procedures and technologies (i.e., firewalls, proxies, web security, etc.) to enhance information security through system/network monitoring, access control and security evaluations and to ensure compliance with regulations such as HIPAA, PCI, SOX, etc. Conduct comprehensive vulnerability systems assessments to meet compliance objectives.
- Develop custom software solutions for security system operation, monitoring and support as appropriate. Develop and maintain documentation of information security procedures and configurations. Assist in the specification of standards for new and existing security systems, software and hardware configuration and installation.
- Develop and maintain security procedure documentation and troubleshooting documentation, user documentation for systems installed and/or created, and technical standards, procedures and techniques to ensure maximum system availability and performance levels, and/or specifications for security systems, software and hardware configuration and installation.
- Responsible to assess the business impact of issues and act as a key point of contact and advise team on complex technical issues and resolution of such. Identify issues, determine the appropriate resolution working cross-functionally as necessary, and partner with other IT areas to ensure resolution of security issues in a timely manner.
- Participate in PCI and SOX external audits and internal control testing and maintain department compliance documentation. Work with internal and external auditors as required related to security compliance audits.
- Plan and implement timely upgrades, maintenance fixes and vendor-supplied patches for assigned systems hardware or software. Conduct research in support of procurement or development efforts as assigned.
- Recommend and execute modifications to improve efficiency, reliability and performance of infrastructure systems. Participate in Disaster Recovery planning and practices as required.
- Prepare and conduct presentations to IT management and discuss IT technology issues and solutions in a non-technical manner while ensuring understanding by targeted audience.
- Responsible to respond to system issues on a 7x24 basis and participate in an on-call rotation. Provide guidance, mentoring and training for less experienced Security Analysts/Security Engineers.
- Maintain current knowledge of legal regulations, industry trends and best IT Security practices; make recommendations to improve current programs and processes and to ensure company legal compliance.
The above statements are intended to describe the general nature and levels of work being performed as assigned for this job. This is not intended to be an exhaustive list of all responsibilities, duties and requirements; additional responsibilities may be assigned as needed.
Sound Like You? Here’s what you’ll need:
- Bachelor's Degree (Required) Information Systems Security, Computer Science or related field or equivalent combination of education and/or experience
- Seven years cyber security/Information Technology security experience.
- Certified Information Systems Security Professional (CISSP) certification or Global Information Assurance Certification (GIAC) certification preferred.
- Demonstrated knowledge of operating systems, communications protocols, and security concepts, best practices and procedures. In-depth knowledge of compliance regulations (i.e., SOX, PCI, and HIPAA) required.
- Must have knowledge of data network concepts, protocols, practices, and procedures, and strong knowledge of network management and security. Experience with security subsystems (e.g. firewalls, VPN servers, IDS/IPS, etc.). Must have working knowledge of all IT security areas (e.g. servers, desktops, voice, Internet, and web technologies, etc.) and experience in administration and configuration of log management tools/SIEM.
- Strong working knowledge of PC, server and network technologies.
- Excellent written and verbal communications skills; ability to communicate IT related information in a non-technical manner. Excellent analytical, problem solving, troubleshooting, decision-making and project management skills. Excellent organization, prioritization and attention to detail skills.
- Ability to lead projects and provide work direction to others. Must be able to work independently and in team settings.
- Must participate in an on-call rotation.
Equal Opportunity Employer – minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity.