Vacancy expired!
Publix Super Markets, Inc. is the largest privately-owned food retailer in the nation with more than 1,200 stores and more than 200,000 associates throughout the Southeast. We are associate-owned, proud of our family atmosphere, and consistently named as one of the best companies to work for in America. We are largely debt-free and renowned for our financial performance as well as our premier customer service.

Publix's Information Services (I/S) department is located in Lakeland, Florida and Alpharetta, Georgia and employs over 1000 associates. I/S provides the information technology required for all Publix business units including retail stores and all office and warehouse environments. The Publix I/S mission is to maximize the value of information technology to Publix associates and customers.

Publix is able to offer virtual/remote employment for this position in the following states: FL, GA, AL, TN, SC, NC, VA.

The job responsibilities for this position are:
- leading moderate to large size application, system, and network penetration tests to verify that security defenses, standards, and best practices are properly and effectively implemented.
- preparing, documenting, and delivering the results of scans and tests to associates responsible for remediation
- planning, documenting, and tracking remediation activities
- responsible for providing security consultation to I/S and other Publix business areas typically on SOX, HIPAA, and PCI regulations and highly sensitive systems and architectures
- performing penetration tests on new IT solutions against security best practices to determine gaps and suggest options for remediation
- responsible for development and documentation of requirements and design for moderate to large security solution components, including rules, dashboards, as well as scripts to facilitate penetration testing activities
- responsible for providing leadership and work prioritization for security tabletop and purple teaming projects
- responsible for maintaining personal business and technical knowledge to train others in IS
- responsible for planning activities within the Security Assurance Penetration Team
- must have a Bachelor's Degree in Management Information Systems, Computer Science, or other technical/analytical disciplines, or equivalent experience,
- must have at least four years of experience in IT security in one or more of the following areas: enterprise network & host penetration assessments, network & host penetration tools and methods, remediation management
- Six or more years of experience in one or more of the following: Active Directory Penetration Testing, Red Team Operations, Purple Team assessments, Mobile and/or Web Application assessments, Phishing.
- Six or more years of experience in one or more of the following: Kali Linux, Cobalt Strike, Metasploit, Bloodhound, BurpSuite, Nessus.
- Experience in AWS or Azure penetration testing.
- Experience in MITRE ATT&CK Tactics and Techniques such as performing defense evasion techniques against modern AV/EDR solutions
- Experience in Command and Control (C2) infrastructure setup such as creating/registering domains, setting up redirectors, etc.
- Continued education including additional or advanced degrees in analytical, technical, or business discipline,
- six or more years of experience leading and performing vulnerability/remediation management, vulnerability assessments or penetration testing of mobile, web, and in-house systems and applications in a large distributed environment,
- six or more years of experience automating dashboards and reports to collect, organize, analyze, and distribute enterprise scanning tools data,
- strong interpersonal and leadership skills including experience in organizing, planning, and executing large scale, cross-functional efforts,
- strong understanding of Windows, Linux/Unix, and Cloud architectures including secure configuration of these operating systems and environments,
- strong understanding of networking infrastructure components and protocols including wireless, firewalls, and/or network-based intrusion detection/prevention,
- a strong understanding of ethical hacking methodologies, frameworks, and industry resources, e.g. OWASP, OSSTMM, NIST, SANS/CWE, to maintain, improve, and benchmark the Penetration Testing Program is desired
- One or more of the following certifications: GIAC Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP), Certified Red Team Operator (CRTO), Offensive Security Experienced Penetration Tester (OSEP)
- Employee stock ownership plan that contributes Publix stock to associates each year at no cost
- An opportunity to purchase additional shares of our privately-held stock
- 401(k) retirement savings plan
- Group health plan (with prescription benefits)
- Group dental plan
- Group vision plan
- Sick pay
- Paid Parental Leave
- Long-term disability insurance
- Company-paid life insurance (with accidental death & dismemberment benefits)
- Tuition reimbursement
- Vacation pay
- Free hot lunches (buffet-style) at facilities with a cafeteria
- Paycheck direct deposit
- Credit union
- Access to over 50 discount offers including discounts on computer, vehicle and wireless purchases
- 6 paid holidays (associates can exchange the following holidays with their manager's approval: New Year's Day, Memorial Day, Fourth of July, and Labor Day).