Cyber Security Operations Engineer Ii

The QuikTrip Information Technology department is now accepting applications for a Cyber Security Operations Engineer II to work in the Corporate Office in Tulsa, OK.

This position is responsible for the execution of incident response, threat detection and continuous improvement of solutions which defend and protect QuikTrip’s computer systems, information, and networks from intentional or unintentional access, modification or destruction. This position assists in the designs, plan, documentation and support of projects and Cyber Security solutions for QuikTrip. This position needs to intently focus on prioritization and always seek the improvement of processes and tools, providing recommendations to senior staff. A successful CSOC Operations Engineer II will have a multidisciplinary background beyond Cyber Security, with knowledge in fields such as client and server systems, networking, and application development. This position will also ensure systems and processes are following regulatory requirements, such as PCI-DSS, HIPAA and SOX. This position is responsible for providing second level support for Cyber Security issues and event response. This position will report to the Cyber Security Operations Lead.

The requirements for this position include:

• Associates in relevant field or the equivalent combination of education and experience.
• Minimum of 4 years of progressive experience with security technology design, administration or incident response in large, complex environments, particularly in multi-region retail.
• Experience in cryptography, network defense, endpoint protection, forensics, data protection, and incident response.
• Understanding of data center technologies and concepts including services, security, infrastructure design, disaster recovery practices.
• Experience troubleshooting of IT systems.
• Experience with compliance standards such as HIPAA, PCI, and SOX.
• Experience with next generation firewalls, IDS/IPS, network access control, email and web security, digital forensics, endpoint detection and response, vulnerability scanning and analysis, data protection, credential vaulting, certificate management, Multi-Factor, access brokering, SIEM, public cloud compliance and Cybersecurity automation and orchestration technologies.
• Experience in planning and tracking the execution of efforts.
• The ability to communicate effectively to both business and IT staff in a professional manner.

The hours for this position are Monday - Friday, 8:00 a.m. - 5:00 p.m. but may vary according to projects and deadlines. The minimum starting salary for this position can be up to $103,300-$129,200 per year, depending on related experience and qualifications.

More Job Description Details:

Major functions for this position:

1. Cyber Security Incident Response – 15% of total job

• a. Participate in Cyber Security Incident Response (CSIRT) as an incident responder, remediating serious attacks escalated from junior team members, assessing the scope of attack and affected systems, and collecting data for further analysis.
• b. Continuously develop and improve security technologies and processes, focusing on the improvement of automated and orchestrated capabilities.
• c. Ownership of documentation for active incidents, during an incident for the life cycle of the incident, and collection of post-mortem artifacts.

2. Cyber Security Infrastructure Operation – 70% of total job

• a. Provide second tier support, with advanced expertise of all QuikTrip Cyber Security technologies both during business hours and on-call.
• b. Develop, execute, and maintain a Preventative Maintenance and Management schedule for all Cyber Security appliances, hardware and software components.
• c. Provide guidance and support to the other operational infrastructure and application teams for problem management, service outages, service requests, and changes.
• d. Work directly with external vendors, carriers, and other IT operations personnel to configure security solutions and resolve support issues.
• e. Provide guidance and support to the other infrastructure and application teams for problem management, service outages, service requests, and changes.

3. Cyber Security Threat Operations – 15% of total job

• a. Perform second tier analysis of exploits such as malware, network intrusions, and unauthorized use to help determine attack-surface, patient zero, and possible pivot-points for escalation.
• b. Investigate notable/suspicious events from various operating systems, network platforms, application logs, cloud platforms, and Cyber Security tools.
• c. Identify, analyze and assist in responding to malicious activity, gather evidence for and assist in recommending which events should be declared as a Cyber Security incident.
• d. Maintain currency on monitoring, detection, prevention, analysis, and investigation techniques/tools, and adversary techniques, and make recommendations for improving Cyber Security event processes, procedures and tooling.
• e. Participate in regular table-top sessions with the Cyber Security team to determine appropriate actions required to address new developing security threats and potential customer impact.
• f. Work with senior analysts to maintain system baselines and configuration management expectations, including Cyber Security event monitoring policies in a timely manner.

Position in Organization:

• Reports to:Cyber Security Operations Lead
• Directly supervises: N/A
• Indirectly supervises: N/A

Relationships:

• Inside the Company: All QuikTrip personnel.
• Outside the Company: Hardware and software vendors, personnel in other companies involved in supporting Cyber Security tools or for triage of incidents.

Position Specifications: The specifications (education, experience, and skills) are those that the employee must have to hold the position. Applicants applying for this position must possess the required specifications in order to be considered for the job. The specifications are those that are not required for the employee to hold the position, but the employee should try to obtain the desired education, experience, and/or skills to be effective and successful in the position.

• 1. Required education: Associates in relevant field or the equivalent combination of education and experience.
• 2. Desired education: Bachelor’s degree in Cyber Security or a degree in a technology related field. Multiple industry certifications in Security, Systems Administration, and/or Networking, such as GDSA, PCNSE or PCSAE.
• 3. Required experience: Minimum of 4 years of progressive experience with security technology design, administration or incident response in large, complex environments, particularly in multi-region retail. Experience in cryptography, network defense, endpoint protection, forensics, data protection, and incident response. Understanding of data center technologies and concepts including services, security, infrastructure design, disaster recovery practices. Experience troubleshooting of IT systems. Experience with compliance standards such as HIPAA, PCI, and SOX.
• 4. Desired experience: Experience in all aspects of Cyber Security technologies and knowledge in threat management and support of large, complex Cyber Security environments. Experience in using a technical backlog to drive continuous improvement of technology and practices.
• 5. Required skills: Experience with next generation firewalls, IDS/IPS, network access control, email and web security, digital forensics, endpoint detection and response, vulnerability scanning and analysis, data protection, credential vaulting, certificate management, Multi-Factor, access brokering, SIEM, public cloud compliance and Cybersecurity automation and orchestration technologies. Experience in planning and tracking the execution of efforts. The ability to communicate effectively to both business and IT staff in a professional manner.
• 6. Desired skills: Working experience with Active Directory and Microsoft and/or Linux OS, networking, identity and access management, wireless networking and security, penetration testing, incident response, and application security methodologies. Understanding of encryption systems and methodology. Experience in scripting or software development or secure coding techniques.

Job Type: Full-time

Pay: $103,300.00 - $129,200.00 per year

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Employee assistance program
• Flexible spending account
• Health insurance
• Life insurance
• Parental leave
• Professional development assistance
• Referral program
• Relocation assistance
• Retirement plan
• Tuition reimbursement
• Vision insurance

Compensation package:

• Weekly pay

Experience level:

• 4 years

Schedule:

• 8 hour shift
• Monday to Friday

Education:

• Associate (Preferred)

Experience:

• Security Technology: 4 years (Required)

Ability to Relocate:

• Tulsa, OK 74134: Relocate before starting work (Required)

Work Location: In person