OVERVIEW
Design, implement, and enforce F5 Web Applications Firewall (WAF) security policies that protect systems and data from security risks. Responsible for the identification, investigation, and resolution of security events detected by those systems. Tasks may include involvement in the implementation of new security solutions; participation in the creation / maintenance of policies, standards, baselines, guidelines, and procedures; and conducting vulnerability audits and assessments.
RESPONSIBILITIES (other duties may be assigned)
1. Support / Execute the implementation of Application Security Program including distribution and maintenance of information security and related policies, as assigned by more senior RISC personnel. Implementation should support the department's accountability in setting risk and security policies, standards, guidelines, processes, and procedures.
2. Maintain up-to-date in-depth knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
3. Recommend additional security solutions, or enhancements to existing security solutions to improve overall enterprise security.
4. Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with industry and company standards (e.g., NIST CSF, OWASP Top 10.).
5. Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (e.g., security tools) or not (e.g., workstations, servers)
6. Review logs and reports of all in-place devices. Interpret the implications of activity and devise plans for appropriate resolution.
7. Participate / advise in the design and execution of vulnerability assessments, penetration tests, and security audits.
8. Provide call escalation for all in-place security solutions.
9. Research and write security, risk, and compliance reports indicating the existence of, and effectiveness of, information technology related controls.
10. Evaluate new or modified systems, processes, and/or products vs internal security standards to identify risks that fall outside of Sheetz' risk tolerances.
11. Collaborate with core business partners and other security teams to improve controls via create process design which meet the evolving business needs for customer experience and efficiency.
12. Provide risk consulting and/or training to business and technical partners to improve the effectiveness of risk management across the enterprise.
13. Provide evening and weekend "on call / issue" support as needed. Sheetz is open 24,7,365 and as such, our internal and externa, customers may require support at any time.
QUALIFICATIONS
(Equivalent combinations of education, licenses, certifications and/or experience may be considered)
Education
•Bachelor's degree in Computer Science, Engineering or related field required.
Experience
•Minimum 3 years' experience in Web Application Firewall Administration, F5 Networks ASM, HTTP debugging/troubleshooting, and maintaining complete records of configuration, changes, and incidents required.
•Minimum 3 years' experience with TCP/IP, OSI Model, TLS/SSL, and other network administration protocols required.
•Previous experience with security operations preferred
•Previous exposure to NIST CSF Frameworks, OWASP Top 10, NIST 800-53, and scripting languages (Python, Bash) preferred.
Licenses/Certifications
•Maintain a continuous personal professional development program; this level requires CISSP certification and commitment to pursue additional training or certifications in risk, security, governance, compliance (e.g., CISSP-ISSEP, CISSP-ISSAP, CISSP-ISSMP, GICSP, GMOB, GCIH, CRCMP, CISA, CGEIT, CRISC, CRMA, CORP, advanced degree)
Tools & Equipment
•General office equipment
#J-18808-Ljbffr
