- Our Mission: Touching lives for the better
- Our Vision: Touching lives by being the first choice for bargain-minded consumers in the U.S.
About the Team:
Our IT team’s mission is to push the boundaries of technology with the intention of going above and beyond to aid stores and customers and deliver timely solutions to benefit all members of Grocery Outlet. Our team consists of problem solvers and go-getters who are dedicated to being service-oriented and solving important problems.
About the Role:
Grocery Outlet is seeking an Information Security Manager to design, implement, and maintain robust security systems that protect Grocery Outlet’s digital infrastructure and data. You will be responsible for identifying vulnerabilities, developing security protocols, configuring security tools, responding to security incidents while ensuring compliance with SOX and CPPA/CPRA.
Responsibilities Include:
Security Operations (80%)
- Provide technical leadership and oversight to security operations activities and initiatives
- Install and maintain security products: Data loss prevention (DLP), Vulnerability Management, Cloud Security, Identity and Access Management, Web Application Firewall (WAF), Static Application Security Testing (SAST), etc.
- Review and respond to security findings and alerts generated by the Managed Security Services Provider (MSSP), covering system events, log files, and alerts across operating systems, networking equipment, DLP, EDR, and cloud environments.
- Ensure proper configuration and tuning of CrowdStrike to align with the environment creating and managing custom dashboards for ongoing visibility and reporting.
- Analyze network security alerts and events, packet captures and network flows and flow rates
- Create and maintain systems configuration baselines
- Perform enterprise patch management and vulnerability remediation
- Program and write scripts
- Research new threats, attack techniques and methods
- Conduct various assessments including: new technology impact assessments, design requirement assessments and security lifecycle & business impact assessments
Security Engineering (10%)
- Provide technical leadership and oversight to security engineering activities and initiatives, evaluating new security products and solutions
- With guidance of the compliance team, assist with SOX compliance efforts, including audit support and access provisioning
Threat Intel (10%)
- Gather and record key indicators and information about threat campaigns and infrastructure
- Provide intelligence support during incident response and forensic security investigations
- Process and enrich information to ensure timely, actionable, high confidence IOC's are ingested and shareable
- Conduct technical analysis based upon industry accepted threat intelligence analytical frameworks, tools, and standards
Environments, Tools, and Programming Languages
Cloud Environments: Google Cloud Platform (GCP), Microsoft Azure, AWS
Programming Languages: Python, PowerShell, Java
Security Tools: Data Loss Prevention (DLP), CrowdStrike, Cloudflare
About The Pay:
- Base Salary Range: $130,000 - $160,000 Annually
- Annual Bonus Program
- Equity
- 401(k) Profit Sharing
- Final compensation will be determined based upon experience and skills and may vary based on location.
About You:
- 5 - 7 years in cybersecurity roles with hands-on experience in security operations, security architecture, incident response, and risk assessment.
- Proficiency with security tools (SIEM, firewalls, vulnerability scanners), cloud platforms (GCP/AWS/Azure)
- Knowledge of security frameworks like NIST and CIS
- Bachelors degree in Cybersecurity, Computer Science, or related field. Master’s degree or equivalent experience preferred.
- CISSP, CISM, CISA or relevant cloud security certifications
- Strong analytical and problem-solving abilities, excellent communication skills, and ability to work effectively under pressure during security incidents. Must be detail oriented with collaborative mindset cross cross-functional work
Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws.For further information, please review the Know Your Rights notice from the Department of Labor.