Staff Infosec Engineer

About the Role

As a member of the InfoSec Cyber Defense team, you will play a crucial role in safeguarding our organization against cyber threats, fostering a culture of security awareness, and acting as a key escalation point for the Security Operations team. You will be responsible for identifying, analyzing, and responding to security incidents while collaborating with cross-functional teams to enhance our overall security posture.

What You'll Do

Cyber Threat Intelligence:

• Monitor, assess, and report on emerging cyber threats and vulnerabilities that may impact the organization.
• Analyze threat intelligence data to identify potential risks, attack vectors, and threat actors.
• Develop actionable intelligence reports and recommendations to inform security strategies and incident response activities.

Security Awareness:

• Design and implement security awareness programs to educate employees on best practices, potential threats, and secure behavior.
• Conduct regular security training sessions and simulations to ensure all staff understand their role in maintaining a secure environment.
• Evaluate the effectiveness of security awareness initiatives and make continuous improvements based on feedback and emerging threats.

Incident Response and Escalation:

• Serve as a primary escalation point for the Security Operations team to investigate and respond to security incidents.
• Perform in-depth analysis of incidents, determine root causes, and develop remediation plans.
• Collaborate with internal teams, including IT, Legal, and Compliance, to manage and mitigate security incidents effectively.

Fraud Prevention and Asset Protection:

• Support fraud prevention efforts by identifying, analyzing, and mitigating threats to financial and customer data.
• Work closely with the Asset Protection team to align cybersecurity efforts with physical security practices.
• Develop and maintain processes to detect and respond to fraud attempts and other malicious activities.

Policy and Procedure Development:

• Assist in the creation and maintenance of security policies, procedures, and standards.
• Ensure that all security measures comply with industry regulations and company standards.

Continuous Improvement:

• Stay current on the latest security trends, tools, and techniques to strengthen the organization’s security posture.
• Participate in post-incident reviews to identify gaps and develop lessons learned for future improvements.

Who You Are

• Bachelor's degree in Computer Science, Information Security, Criminal Justice, or a related field, or equivalent experience.
• Proven experience in cybersecurity, cyber threat intelligence, or a similar role, preferably within a large organization.
• Strong knowledge of security principles, threats, vulnerabilities, and incident response.
• Experience in fraud prevention, asset protection, or a related field.
• Ability to analyze complex security data and provide actionable recommendations.
• Strong communication skills, with the ability to convey technical information to both technical and non-technical audiences.
• Excellent problem-solving and decision-making skills, with a proactive approach to identifying and addressing security risks.

Preferred Qualifications:

• Experience in a retail environment or understanding of the retail industry.
• Relevant certifications (e.g., Security+, CISSP, CISM, CISA) are a plus.
• Experience working in a Security Operations Center (SOC) or similar high-pressure environment.