Senior IT Security Analyst

Publix Super Markets, Inc. is the largest privately-owned food retailer in the nation with more than 1,200 stores and more than 200,000 associates throughout the Southeast. We are associate-owned, proud of our family atmosphere, and consistently named as one of the best companies to work for in America. We are largely debt-free and renowned for our financial performance as well as our premier customer service. Publixs Information Services (I/S) department is located in Lakeland, Florida and Alpharetta, Georgia and employs over 1000 associates. I/S provides the information technology required for all Publix business units including retail stores and all office and warehouse environments. The Publix I/S mission is to maximize the value of information technology to Publix associates and customers. The job responsibilities for this position are:

• develop strong, scalable e-commerce fraud, cloud and on-premise security monitoring and detection processes including effective web application security monitoring,
• create and improve existing processes and procedures for managing incident response, forensic investigations, and threat intelligence,
• streamline processes and procedures with automation,
• provide security recommendations for optimal security configuration of systems such as web application firewalls, IDS/IPS, bot management, fraud prevention, online payment security, cloud platforms, and email security,
• coordinate with other teams and functional areas to identify fraud and security gaps for our e-commerce platforms, provide recommendations for mitigation.

• must have a bachelors degree in Management Information Systems, Computer Science, Business, or other technical/analytical disciplines, or equivalent experience,
• must have at least 4 years of experience in IT security triaging incidents with security and analysis tools such as web application firewall, intrusion protection systems, Wireshark, Splunk, KAPE, volatility
• must have basic knowledge of at least one of the following: PCI-DSS, SOX, HIPAA requirements
• must have excellent written and verbal communication skills with the ability to relate to all levels of Publix associates,
• must have the ability to resolve complex business and technical issues by making decisions using sound business judgment,
• must have excellent customer service skills and commitment to teamwork,
• must be flexible and able to handle stressful situations in a professional manner,
• must demonstrate ability to work under minimal supervision,
• must have strong analytical, problem-solving, and conceptual skills,
• must have a high degree of confidentiality, maturity, self-motivation, commitment, and integrity and,
• must show enthusiasm, initiative, attention to detail, punctuality, pride in work, and a commitment to Publix and our Mission.

• continued education including additional or advanced degrees in analytical, technical, or business discipline,
• 5 years of experience in IT security triaging security incidents using security tools such as web application firewall, bot prevention, cloud security monitoring and detection, forensic acquisition and analysis
• strong interpersonal and leadership skills including experience in organizing, planning, and executing large scale, cross functional efforts,
• strong understanding of common web-based communication and security protocols,
• strong understanding of the OWASP top ten security risks and common mitigation techniques,
• experience identifying evolving trends in web traffic,
• automation and scripting skills using PowerShell, Python, bash or other,
• one or more of the following certifications:
  • Security +
  • Certified Ethical Hacker (CEH)
  • GIAC Security Essentials Cyber-defense (GSEC)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Microsoft Certified Systems Engineer (MCSE)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Network Forensic Analyst (GNFA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Battlefield Forensics and Acquisition (GBFA)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Cyber Threat Intelligence (GCTI)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Cloud Security Automation (GCSA)
  • GIAC Continuous Monitoring Certification (GMON)
  • GIAC Certified Detection Analyst (GCDA)
  • GIAC Defending Advanced Threats (GDAT)
  • Microsoft Certified Azure Security Engineer Associate
  • Microsoft Certified Azure Solutions Architect Expert
  • Microsoft Certified: Security Operations Analyst Associate
  • Certified Cloud Security Professional (CCSP)