Job Description
Job Title: Information Security Operations Engineer
Location: Corporate
Department: Information Technology
Job Summary: The Information Security Operations Engineer assists in the design, implementation and highest-tier support of various endpoint and cloud technologies in the Wawa enterprise. This role will have functional knowledge in the areas of threat detection/prevention, endpoint detection and response (EDR), host intrusion prevention, data loss prevention, application allowlisting, sandboxing, Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), Secure Email Gateway (SEG), and cloud services.
Principal Duties:
- Assist in building and deploying new tools and platforms that help automate, streamline and scale security operations on-premises and within AWS/M365 cloud environments.
- Provide continuous monitoring, maintenance and support of new and existing security toolsets and systems to ensure resilience, reliability and scalability.
- Consult with the Risk and Compliance team to review whether security toolset policies are effective at mitigating current industry threats.
- Assist with tuning alerts in SIEM, SOAR and Endpoint tools.
- Assist with validating alerting use cases in SIEM.
- Assist with use case creation including reporting and automation.
- Work with Threat Intel team to ensure alerting for external threats.
- Test and pilot endpoint products for production readiness.
- Monitor security tool infrastructure for vulnerabilities and bug fixes and develop a plan to remediate.
- Assist in development of metrics to provide to IT and IS leadership.
- Provide up-to-date diagrams and support procedures for tier 1 and 2.
- Act as highest tier escalation point for security requests and operational incidents.
- Assist in security incidents from identification through containment, eradication, recovery, and reporting.
- Maintain the necessary interpersonal networks among information security and IT to perform job function.
- Maintain external networks consisting of industry peers, vendors and other relevant parties to address common trends, findings, threats, and cybersecurity risks.
- Maintain foundational knowledge of Payment Card Industry (PCI) Data Security Standard compliance by keeping apprised of changes to the standard, evaluating new systems for impact and supporting annual PCI audit.
- Support audit and assessment process for IT including annual PCI audit, IT general controls review and any other audits or assessments of security and general IT controls.
Essential Functions:
- Excellent written and verbal communication skills, interpersonal and collaborative skills.
- Up-to-date knowledge of methodologies and trends in both information security and IT.
- Must be a critical thinker, with strong problem-solving skills.
- Ability to participate in small internal Endpoint Protection related tools and technology projects with dependencies on external IT teams.
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
- High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
- Maintain a working environment conducive to positive morale and teamwork.
- Ability to be on a 24x7x365 on-call rotation for information security incidents.
- Ability to complete assigned tasks and procedures in support of IS team.
Basic Requirements:
- Minimum of 3 years' experience in a combination of incident response, information security and IT.
- Development experience with scripting languages such as Python, JavaScript and/or PowerShell preferred.
- Degree in technology-related field preferred, or equivalent work- or education-related experience.
- Professional security or information technology certification is desirable, such as CISSP, Splunk Core Certified User, Network+ and Security+.
- Foundational knowledge of incident response standards such as NIST 800-61 Rev 3, Computer Security Incident Handling Guide, ISO/IEC 27035:2023, and information security incident management.
- Foundational knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS/IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.
- Technical experience with multiple security controls and tools including SIEM, SOAR, EDR, SEG, network monitoring, HIPS, cloud security tools and DLP.
Wawa will provide reasonable accommodation to complete an application upon request, consistent with applicable law. If you require an accommodation, please contact our Associate Service Center at asc@wawa.com.
Wawa, Inc. is an equal opportunity employer. Wawa maintains a work environment in which Associates are treated fairly and with respect and in which discrimination of any kind will not be tolerated. In accordance with federal, state and local laws, we recruit, hire, promote and evaluate all applicants and Associates without regard to race, color, religion, sex, age, national origin, ancestry, familial status, marital status, sexual orientation or preference, gender identity or expression, citizenship status, disability, veteran or military status, genetic information, domestic or sexual violence victim status or any other characteristic protected by applicable law. Unlawful discrimination will not be a factor in any employment decision.