Cloud & Application Security Engineer (Virtual Position)

Company: US Foods
Location: Des Plaines
Posted on: March 19, 2023

Job Description:

ARE YOU A CURRENT US FOODS EMPLOYEE? PLEASE APPLY DIRECTLY THROUGH OUR INTERNAL WORKDAY CAREER SITE.
Join Our Community of Food People!
The Security Cloud & application Engineer is responsible for implementing, maintaining, monitoring, and managing secure solutions. The engineer delivers these solutions in accordance with the organization's architectural designs, best practices, and regulatory or compliance requirements. As risks change, the Security Engineer is responsible for recommending modifications and enhancements to ensure the organization is evolving with the threat landscape.
The Security Cloud & Application Engineer is expected to contribute to the development and implementation of strategies to protect computer systems, networks, and other digital assets contributing to the corporate security strategy with security leadership and other senior security staffers and technologists. In this position, you will work collaboratively with peers and stakeholders across the enterprise on implementations and management including IT infrastructure, application development, security operations, security audit and end users. With an emphasis on securing systems, applications, third-party connections, service providers and ancillary systems, business-to-business initiatives, third-party relationships, outsourced solutions, and vendors tasked with analyzing current security protocols to identify weaknesses or vulnerabilities that could be exploited by hackers. Considered a knowledgeable individual, the Security Cloud & Application Engineer is expected to implement, monitor, and manage secure solutions that address modern day issues. The Security Cloud & Application engineer supports continuous integration and continuous deployment (CI/CD) initiatives and is an integrated team member working with software developers, system engineers, cybersecurity engineers and systems administrators. At times, the Security Cloud & Application engineer acts as a liaison with business stakeholders to understand the strategy and execution outlook. The role is heavily security-focused and ingrained in the CI/CD pipeline automation to deliver security principles and validation at all times.
ESSENTIAL DUTIES AND RESPONSIBILITIES
--- Handle day-to-day security implementations, monitoring, operational support of hardware and software, applications, managed solutions, and service provider relationships
--- Engage in information security projects assisting in the delivery and support
--- Deliver projects on time, within budget and in accordance with service level agreements (SLAs)
--- Develop security test plans from architectural design. Identify deficiencies and make enhancements to ensure production is not impacted
--- Participate regularly in project and change management meetings
--- Partner with the business to ensure business needs are met while ensuring smooth rollout and implementation of security tools
--- Conduct performance testing to stress the limitations of security solutions while at the same time ensuring business innovation and day-to-day processes are not negatively impacted
--- Respond to and handle service and escalation tickets within SLA expectations
--- Assist with incident response and system stability issues as they occur. This may include involvement outside of regular work hours, and responsiveness is expected
--- Work in tandem with senior engineers, architects, the security operations center (SOC), incident responders (in cases of anomalous activity and host compromise), and technology infrastructure and development team members
--- Implement solutions observing compliance - Health Information Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. - and privacy laws
--- Respond to and handle service and escalation tickets within SLA expectations
--- Perform other duties as assigned by manager
WORK ENVIRONMENT
This role has been segmented as ""Remote "" meaning works remotely. Can live anywhere in continental US and Alaska. Travel as needed for business.
MINIMUM QUALIFICATIONS
--- 5+ years' experience in cybersecurity, including compliance and risk management with a system and network security engineering background required.
--- Highly technical and analytical expertise, with a proven background (5+ years' IT experience in addition to cybersecurity) in technology design, implementation, and delivery required.
--- Skilled in meeting vulnerability and penetration testing requirements
--- Excellence in communicating business risk from cybersecurity issues
--- Record of accomplishment of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively
--- Highly trustworthy; leads by example
--- Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the secure software development lifecycle (SLDC).
--- Should be familiar with static and dynamic code analysis tools
--- Understanding of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes)
Education
--- Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent work experience.
Certifications/Training
--- CISSP, CISM and/or SANS, or Cisco-related certifications a plus
PREFERRED QUALIFICATIONS
--- Experience with Amazon Web Services (AWS) or Microsoft Azure
--- Scripting in Python, JavaScript, PowerShell, PHP, or Ruby
--- Experience in cloud computing technologies, including software, infrastructure, and platform-as-a-service, as well as public, private, and hybrid environments
--- DevOps background with experience in compliance obligations
--- Experience with one or more of the following: ISO 27001, NIST, PCI Data Security Standard (PCI DSS), HIPAA, Health Information Technology for Economic and Clinical Health (HITECH) Act, SOX, Center for Internet Security (CIS) standards or Service Organization Controls (SOC) 2
--- Working knowledge of Windows, Linux, Unix, and Cisco networking
--- Demonstrated experience with relevant technical security products, such as F5, DDoS and Cloud WAF, AWS/Azure Security Services
--- Ability to work independently and tactically, with effective decision-making skills
The following information is provided in accordance with certain state and local laws. Compensation depends on experience, geographic locations, and other factors permitted by law. In Colorado, the expected compensation for this role is between $94,600 and 126,200. In New York City, the expected compensation for this role is between $105,400 and 140,500 . In California, the expected compensation for this role is between $100,100 and 133,500 . In Washington, the expected compensation for this role is between $94,600 and 126,200 . This role is also eligible for Benefits for this role include health insurance, pre-tax spending accounts, retirement benefits, paid time off, short-term and long-term disability, employee stock purchase plan, and life insurance. To review available benefits, please click here: https://www.usfoods.com/careers/benefits.html .
EOE Race/Color/Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Protected Veteran/Disability Status
US Foods is one of America's great food companies and a leading foodservice distributor, partnering with approximately 300,000 restaurants and foodservice operators to help their businesses succeed. With 28,000 employees and more than 70 locations, US Foods provides its customers with a broad and innovative food offering and a comprehensive suite of e-commerce, technology and business solutions. US Foods is headquartered in Rosemont, Ill., and generates more than $28 billion in annual revenue. Visit www.usfoods.com to learn more.
US Foods may collect personal information from you in connection with the application process. US Foods complies with the California Consumer Privacy Act of 2018, and its policy may be found here (https://www.usfoods.com/content/dam/usf/pdf/Policies/HR/USF_CCPA_policy.pdf) .
US Foods, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other basis prohibited by applicable law.
EEO is the Law poster is available here (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf) .
EEO is the Law poster supplement is available here (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf) .
Pay Transparency policy statement is available here (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf) .
US Foods is committed to working with and providing reasonable accommodation to individuals with disabilities. If reasonable accommodation is needed to participate in the interview process or to perform essential job functions, please contact our US Foods Application Accommodation Line at 866-960-5886. You will be prompted to leave a message. Please state the specifics of the assistance needed and your contact information. A member of our HR department will return your call within two business days.

Keywords: US Foods, Des Plaines , Cloud & Application Security Engineer (Virtual Position), Engineering , Des Plaines, Illinois