SpartanNash is a value-added wholesale grocery distributor — supplying more than 2,100 independent grocery retail locations throughout the United States — as well as a grocery retailer, with more than 155 corporate supermarkets in nine states. We also serve the military community through our MDV division; in addition to offering premier fresh produce distribution and fresh food processing through Caito Foods and third-party logistics through BRT.
At SpartanNash, relationships matter, and our Corporate team takes that sentiment to heart in the way we work as one totally aligned team, support and respect each other and share the highest standards of excellence. We’re always looking for the next great idea or a new way to approach a challenge, and we collaborate and innovate to achieve our goals.
A day in the life of the Security Operations Engineer Specialist is never the same but, in this role, you will be responsible for maintaining and advancing the enterprise-wide information security operations program to ensure that data, information assets and critical infrastructure are adequately protected. This role will support strategic direction, policy and process mapping for Information Security, leveraging quality and risk as key components to the overall program. This role is also responsible for the execution of the response process and coordination of relevant parties when an information security incident occurs.
What You’ll Do:
- Contributes to the development and implementation of a strong Information Security practice at SpartanNash.
- Oversight of the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, related systems in databases and data repositories.
- Oversees security monitoring practice and analysis of security alerts.
- Executes all investigations and provide on-going communication with stakeholders and senior management.
- Serving as the liaison between IT, other involved Valvoline departments (including Corporate Security), industry peers, government agencies (including law enforcement) and other specialists for any Cyber Security incidents.
- Organizing, participating in, and, if required, chair post-incident reviews for presentation to IT Senior Management
- Lead and/or support the design and execution of vulnerability assessments, penetration tests, and security audits.
- Handles and escalates security incidents as defined in the incident response procedures
- Facilitates and participates in eDiscovery and forensic investigations with outsourced vendors
- Establishes Information Security processes for the team
- Oversee the deployment, integration and initial configuration of all new security solutions and any enhancements to existing security solutions in accordance with Security Best Practices.
- Ensure that projects are completed on time and within the allocated budget
- Contribute to the design and deployment of information security awareness training for all coworkers to ensure consistently high levels of compliance with SpartanNash’s Information Security Program.
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new vulnerabilities, attacks and threat vectors.
Sound Like You? Here’s what you’ll need:
- Bachelor’s degree in Computer Science or related field
- 7 years’ experience in an IT Security Role.
- Recognized Technical certifications associated with Information Security.
- An industry-recognized certification such as CISSP, SANS/GIAC, Cisco CCCSP is preferred.
- In-depth experience in security incident management processes and tools
- Minimum of 2 years of demonstrated experience in liaising with middle and senior management of a large commercial enterprise
- Comprehensive understanding of enterprise IT application architecture and design across authentication/authorization, web, application, and database tiers
- Knowledge of NIST, CIS and CSA framework is mandatory
- Hands-on experience on 3 or more of the following:
- Vulnerability management - Rapid7/Tenable/Qualys
- SIEM - Logrhythm/Arcsight/Splunk
- Email Security - Proofpoint/O365 ATP/ETP
- Cloud Security - Azure ATP/Palo Alto Networks/Zscaler
- AAA/NAC technologies - Cisco ISE/Forescout
- WAF - F5/CloudFlare etc.
- Firewall Assurance - Skybox/Algosec
SpartanNash is proud to take care of the people who take care of our business through our robust and competitive Total Rewards benefits package. !
SpartanNash is a certified Military-Friendly employer. Veterans are encouraged to apply!
Equal Opportunity Employer – minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity.
