Vacancy expired!
Publix Super Markets, Inc. is the largest privately-owned food retailer in the nation with more than 1,200 stores and more than 200,000 associates throughout the Southeast. We are associate-owned, proud of our family atmosphere, and consistently named as one of the best companies to work for in America. We are largely debt-free and renowned for our financial performance as well as our premier customer service. Publix's Information Services (I/S) department is located in Lakeland, Florida and Alpharetta, Georgia and employs over 1000 associates. I/S provides the information technology required for all Publix business units including retail stores and all office and warehouse environments. The Publix I/S mission is to maximize the value of information technology to Publix associates and customers.
- develop strong, scalable e-commerce fraud/ATO security monitoring and detection processes including effective web application security monitoring,
- create and improve existing processes and procedures for managing on-premise incident response, forensic investigations, and threat intelligence,
- streamline on-premise security processes and procedures with automation,
- provide security recommendations for optimal security configuration of systems such as web application firewalls, IDS/IPS, bot management, fraud prevention, online payment security, cloud platforms, and email security
- develop a holistic cloud security monitoring and incident response program for Azure, GCP and VMware,
- create security automation for response and remediation of security incidents of cloud infrastructure for Azure, GCP, and VMware,
- provide security oversight and experience with a strong understanding of hybrid public/private cloud services, Infrastructure as Code and DevSecOps toolsets.
- Experience and understanding of platforms including compute, storage, networking, containers, container orchestration, service mesh, monitoring/logging, and Continuous Integration/Continuous Deployment (CI/CD).
- work with other security teams to define and build the processes necessary to protect cloud infrastructure from common threat vectors including ransomware, OWASP vulnerabilities, and security & compliance misconfigurations.
- play a key role in ensuring our cloud capabilities meet PCI/SOX/HIPAA/PII compliance standards.
- Must have a bachelor's degree in Management Information Systems, Computer Science, Information Security or other technical/analytical disciplines, or equivalent experience,
- 2 years of experience in IT security triaging incidents with security and analysis tools such as web application firewall, intrusion protection systems, Wireshark, Splunk, KAPE, Volatility
- Must have 2 years of experience with enterprise security monitoring or DevSecOps on Azure, GCP, AWS, or VMware private cloud technology.
- Demonstrated experience with Kubernetes (AKS), Docker, and/or OpenShift.
- Understanding of automation, deployment orchestration, and security configuration management with at least one of the following: Terraform, Chef, Puppet, YAML, JSON, PowerShell, BASH, Go, or Python.
- Understanding of CI/CD pipelines, containers, container registries, and code repositories, and use of tools such as Jenkins, GitHub, Azure DevOps, etc.
- Knowledge of threat modeling, static/dynamic/interactive code analysis, fuzzing, software composition analysis, secrets management, and related tools.
- Experience with compliance and regulatory security requirements (SOX, PCI, HIPAA).
- Understanding of Agile methodologies.
- continued education including additional or advanced degrees in analytical, technical, or business discipline,
- 3 years of experience in enterprise security monitoring and incident response or DevSecOps working with Azure, GCP, VMware private cloud technology,
- strong interpersonal and leadership skills including experience in organizing, planning, and executing large scale, cross functional efforts,
- experience in project management and leading projects to completion,
- strong understanding of common web-based communication and security protocols,
- strong understanding of the OWASP top ten security risks and common mitigation techniques,
- one or more of the following certifications:
  - Cloud+
  - Microsoft Certified Azure Security Engineer Associate
  - Microsoft Certified Azure Solutions Architect Expert
  - Microsoft Certified: Security Operations Analyst Associate
  - Certified Cloud Security Professional (CCSP)
  - VMware Certified Technical Associate (VCTA)
  - VMware Certified Professional (VCP)
  - VMware Certified Advanced Professional (VCAP)
  - Palo Alto Networks Certified Network Security Engineer (PCNSE)
  - Prisma Certified Cloud Security Engineer (PCCSE)
  - Palo Alto Networks Certified Network Security Administrator (PCNSA)
  - Palo Alto Networks Certified Security Automation Engineer (PCSAE)
  - GIAC Cloud Security Automation (GCSA)
  - GIAC Certified Intrusion Analyst (GCIA)
  - GIAC Network Forensic Analyst (GNFA)
  - GIAC Certified Incident Handler (GCIH)
  - GIAC Certified Forensic Examiner (GCFE)