QuikTrip

Cyber Security Operations Engineer III

QuikTrip Tulsa, OK

Primary Purpose Of Job:

The CSOC Operations Engineer III position is a technical leader responsible for the tactical execution of incident response, threat detection and continuous improvement of solutions which defend and protect QuikTrip’s computer systems, information, and networks from intentional or unintentional access, modification, or destruction. This position is responsible for technical leadership in the design, planning, documenting and support of projects and cyber security solutions for QuikTrip. This position needs to intently focus on prioritization and always seek the improvement of processes and tools, providing recommendations to engineering and architecture teams. A successful CSOC Operations Engineer III will have a multidisciplinary background beyond cyber security, with advanced knowledge in fields such as client and server systems, networking, and application development. This position will also be responsible for ensuring systems and processes are following regulatory requirements, such as PCI-DSS, HIPAA and SOX. This position is responsible for the mentorship of other IT staff and performs third level support for incidents and issues.

Major Functions:

Cyber Security Incident Response – 15% of total job

  • Lead Cyber Security Incident Response as an incident owner, direct incident response activities, provide real-time decision making and communicate with the incident commander.
  • Function as a threat hunter, working proactively to seek out weaknesses and stealthy attackers, conducting penetration tests and reviewing vulnerability assessments.
  • Continuously develop and improve security technologies, focusing on the development of automation and orchestration capabilities as it relates to incident response.
  • Coordinate documentation of activities during an incident and provide status updates to the incident commander during the life cycle of the incident. Participate in post-mortem collections and after-action reviews to identify and remediate gaps in processes and technologies.
  • Participate in regular table-top sessions with the CSIRT and E-CSIRT teams to evaluate readiness, address changes in QuikTrip, external cyber security threats and impact. Participate in after action reviews to identify and remediate gaps in process or technologies.

Cyber Security Infrastructure Operations – 60% of total job

  • Serve as an escalation point for all cyber security infrastructure operational issues during business hours and on-call for junior members of the team.
  • Provide third tier support and subject matter expertise for all QuikTrip cyber security technologies and solutions.
  • Work with the CSOC Principal and Lead to provide the team with tactical direction of operational technology capabilities focused on continuous improvement.
  • Guide Security Engineering with necessary support as needed during IT projects with Cyber Security needs. Ensure project transitions meet CSOC operational standards for needed functionality, prevention, monitoring, detection, and response.

Cyber Security Threat Operations – 15% of total job

  • Perform third tier analysis of exploits such as malware, network intrusions, and unauthorized use to help determine attack-surface, patient zero, and possible pivot-points for escalation.
  • Provide technical leadership to the team and guidance in investigating escalated notable/suspicious events and the latest investigation techniques, containment and mitigation methods, evidence handling standards, threat intelligence, playbook development and case documentation best practices.
  • Stay current on monitoring, detection, prevention, analysis, and investigation techniques/tools and adversary techniques, to implement recommendations for improving cyber security event processes, procedures and tooling.
  • Participate in regular technical table-top sessions with the cyber security teams to evaluate readiness, address changes in QuikTrip, external cyber security threats and impact. Participate in after action reviews to identify and remediate gaps in process or technologies.

Technical Leadership – 10% of total job

  • Provide leadership and mentoring to IT staff in the following manner.
  • Coordinate or lead necessary training to develop staff.
  • Ensure that appropriate technology is implemented in the appropriate manner.
  • Provide timely and effective communication of changes to processes and technologies.
  • Maintain technical competence and relevance on existing and emerging cyber security, infrastructure, and automation technologies.
  • Conceive, define, develop, and deploy tools/processes which help automate QT’s cyber security technologies to produce higher business value.
  • Help develop cyber security awareness content and provide education on security policies and practices both internal and external to the group.
  • Routinely evaluate documentation provided by Security Engineering staff to ensure complete coverage of required diagrams, support articles, and other necessary documentation.

Position In Organization:

Reports to: Cyber Security Operations Lead

Relationships:

Inside the Company: All QuikTrip personnel.

Outside the Company: Hardware and software vendors, personnel in other companies involved in supporting cyber security tools or for triage of incidents.


Position Specifications:



Required Experience: Minimum of 8 years of progressive experience with cyber security technology design, administration or incident response in large, complex environments, particularly in multi-region retail. Advanced expertise in cryptography, network defense, endpoint protection, forensics, data protection, and incident response. Advanced understanding of data center technologies and concepts including services, security, infrastructure design, and disaster recovery practices. Advanced-level troubleshooting of IT systems. In-depth knowledge of compliance standards such as HIPAA, PCI, and SOX. Experience mentoring, training, and developing other IT staff.

Desired Experience: Advanced experience in all aspects of cyber security technologies and knowledge in supporting and building large, complex cyber security environments. Experience planning and implementing a technical backlog to drive continuous improvement of technology and practices.


Additional Criteria: This position will require shift work that could include weekends and nights as dictated by support needs. On call 24/7. Must have knowledge of many areas and be able to switch between them rapidly. Must be able to work under pressure and provide guidance to Information Technology and business users during a crisis. This position will require ability to maintain absolute confidentiality of information or events due to the sensitivity of their natures.

Starting Salary: $119,300-$149,100

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Retail
