Job Title:  Cyber Security Operations Engineer III

Primary Purpose of Job:

The CSOC Operations Engineer III position is a technical leader responsible for the tactical execution of incident response, threat detection and continuous improvement of solutions which defend and protect QuikTrip’s computer systems, information, and networks from intentional or unintentional access, modification, or destruction. This position is responsible for technical leadership in the design, planning, documenting and support of projects and cyber security solutions for QuikTrip. This position needs to intently focus on prioritization and always seek the improvement of processes and tools, providing recommendations to engineering and architecture teams. A successful CSOC Operations Engineer III will have a multidisciplinary background beyond cyber security, with advanced knowledge in fields such as client and server systems, networking, and application development. This position will also be responsible for ensuring systems and processes follow regulatory requirements, such as PCI-DSS, HIPAA and SOX. This position is responsible for the mentorship of other IT staff and performs third level support for incidents and issues.

Major Functions:

Cyber Security Incident Response – 15% of total job

• Lead Cyber Security Incident Response as an incident owner, direct incident response activities, provide real-time decision making and communicate with the incident commander.
• Function as a threat hunter, working proactively to seek out weaknesses and stealthy attackers, conducting penetration tests and reviewing vulnerability assessments.
• Continuously develop and improve security technologies, focusing on the development of automation and orchestration capabilities as it relates to incident response.
• Coordinate documentation of activities during an incident and provide status updates to the incident commander during the life cycle of the incident. Participate in post-mortem collections and after-action reviews to identify and remediate gaps in processes and technologies.
• Participate in regular table-top sessions with the CSIRT and E-CSIRT teams to evaluate readiness, address changes in QuikTrip, external cyber security threats and impact. Participate in after action reviews to identify and remediate gaps in process or technologies.

Cyber Security Infrastructure Operations – 60% of total job

• Serve as an escalation point for all cyber security infrastructure operational issues during business hours and on-call for junior members of the team.
• Provide third tier support and subject matter expertise for all QuikTrip cyber security technologies and solutions.
• Work with the CSOC Principal and Manager to provide the team with tactical direction of operational technology capabilities focused on continuous improvement.
• Guide Security Engineering with necessary support as needed during IT projects with Cyber Security needs. Ensure project transitions meet CSOC operational standards for needed functionality, prevention, monitoring, detection, and response.

Cyber Security Threat Operations – 15% of total job

• Perform third tier analysis of exploits such as malware, network intrusions, and unauthorized use to help determine attack-surface, patient zero, and possible pivot-points for escalation.
• Provide technical leadership to the team and guidance in investigating escalated notable/suspicious events and the latest investigation techniques, containment and mitigation methods, evidence handling standards, threat intelligence, playbook development and case documentation best practices.
• Participate in the Cyber Security Risk Scoring process to include scoring risks, providing remediation or compensating control guidance and risk remediation/mitigation validation.
• Stay current on monitoring, detection, prevention, analysis, and investigation techniques/tools and adversary techniques, to implement recommendations for improving cyber security event processes, procedures and tooling.
• Participate in regular technical table-top sessions with the cyber security teams to evaluate readiness, address changes in QuikTrip, external cyber security threats and impact. Participate in after action reviews to identify and remediate gaps in process or technologies.

Technical Leadership – 10% of total job

• Provide leadership and mentoring to IT staff in the following manner.
  • Coordinate or lead necessary training to develop staff.
  • Ensure that appropriate technology is implemented in the appropriate manner.
  • Provide timely and effective communication of changes to processes and technologies.
• Maintain technical competence and relevance on existing and emerging cyber security, infrastructure, and automation technologies.
• Conceive, define, develop, and deploy tools/processes which help automate QT’s cyber security technologies to produce higher business value.
• Help develop cyber security awareness content and provide education on security policies and practices both internal and external to the group.
• Routinely evaluate documentation provided by Security Engineering staff to ensure complete coverage of required diagrams, support articles, and other necessary documentation.

Position in Organization:

Reports to: Cyber Security Operations Manager

Relationship:

Inside the Company: All QuikTrip personnel

Outside the Company: Hardware and software vendors, personnel in other companies involved in supporting cyber security tools or for triage of incidents.

Position Specification:

The required specifications (education, experience, and skills) are those that the employee must have to hold the position.  Applicants applying for this position must possess the required specifications in order to be considered for the job.  The desired specifications are those that are not required for the employee to hold the position but the employee should try to obtain the desired education, experience, and/or skills to be effective and successful in the position.

Required education: Bachelors in relevant field or the equivalent combination of education and experience.

Desired education: Bachelor’s degree in Cyber Security or a degree in a technology related field. Multiple industry certifications in Security, Systems Administration, and/or Networking, such as CISSP, GDSA, CCNP Security, or PCNSE.

Required education: Minimum of 8 years of progressive experience with cyber security technology design, administration or incident response in large, complex environments, particularly in multi-region retail. Advanced expertise in cryptography, network defense, endpoint protection, forensics, data protection, and incident response. Advanced understanding of data center technologies and concepts including services, security, infrastructure design, disaster recovery practices. Advanced level troubleshooting of IT systems. In depth knowledge of compliance standards such as HIPAA, PCI, and SOX. Experience mentoring, training, and developing other IT staff.

Desired education: Advanced experience in all aspects of cyber security technologies and knowledge in supporting and building large, complex cyber security environments. Experience planning and implementing a technical backlog to drive continuous improvement of technology and practices.

Required education: Advanced knowledge of multiple cyber security technologies, including next generation firewalls, IDS/IPS, network access control, email and web security, digital forensics, endpoint detection and response, vulnerability scanning and analysis, data protection, credential vaulting, certificate management, Multi-Factor, access brokering, SIEM, public cloud compliance and Cybersecurity automation and orchestration technologies. Advanced experience in planning and tracking the execution of large and complex projects or other efforts. Experience in scripting or software development. The ability to communicate effectively to both business and IT staff in a professional manner.

Desired education: Working experience with Active Directory and Microsoft and/or Linux OS, networking, identity and access management, wireless networking and security, penetration testing, incident response, and application security methodologies. Understanding of encryption systems and methodology. Advanced experience in software development or secure coding techniques.

Additional Criteria:

This position will require shift work that could include weekends and nights as dictated by support needs. On call 24/7. Must have knowledge of many areas and be able to switch between them rapidly. Must be able to work under pressure and provide guidance to Information Technology and business users during a crisis. This position will require ability to maintain absolute confidentiality of information or events due to the sensitivity of their natures.

Starting Salary: $122,900-$153,600

Benefits:  Employee Benefits – QuikTrip