Our Partners thrive The H-E-B Way. As a Security Engineer, you would have a...
HEART FOR PEOPLE ... you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams
HEAD FOR BUSINESS ... you have an ownership mentality and a consistent track record of timely delivery of high-quality software
PASSION FOR RESULTS ... the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions
Security Engineers design and implement best-of-class solutions to improve the security posture of H-E-B technical controls and processes. Security Engineers are Champions of Information Security at H-E-B and will provide consultative services and work with internal business team members and external vendors to collect requirements, design specifications, and create solutions that improve and are aligned with H-E-B's security strategy.
ROLE

• Assess existing security posture against industry best practices and control frameworks and propose solutions and improvements.
• Works with Information System Owners and Administrators to design, propose and implement security relevant standards, techniques and processes for H-E-B technologies.
• Works with H-E-B teams to educate and ensure understanding of H-E-B's technical implementation of security controls and solutions, and ensure gaps, dependencies and defects are identified and addressed.
• Works with H-E-B teams and external security solution vendors to scope, configure and validate solutions to support H-E-B's security posture.
• Leads and drives the software-defined infrastructure environment, configuration and build scripts, and security components of CI/CD collaborating with other H-E-B engineering teams.
• Owns products of H-E-B's information security stack and leads the planning, implementation, lifecycle and care for product security measures and controls.
• Defines, implements, and maintains corporate security policies and procedures and develops operational documentation and processes.
• Operates to safeguard the organization against malicious code, intrusion / unauthorized access, denial-of-service attacks, and attacks by malicious actors / hackers.
• Investigates intrusion attempts, security incidents, malware infections, exploit attempts and internet usage anomalies.
• Establishes plans and protocols to protect data and information systems against unauthorized access, modification, and/or destruction.
• Analyzes and investigates security alerts and helps execute threat responses.
• Researches emerging technologies participates in evaluating technologies that align with business goals, reduces costs, and improves reliability, scalability, and security.
• Champions information security amongst H-E-B partners, sharing and promoting security awareness and safe operating procedures.
• Completes projects and tasks associated with security monitoring, detection, incident response, and security program initiatives.
• Researches and remains up to date with emerging threats and solutions relevant to network security and its implementations. Maintains current knowledge of industry trends and standards in information security.
• Participates in team activities and team planning in regard to improving team skills, awareness and quality of work.
• Responsible for continued personal growth in the areas of technology, business knowledge, and H-E-B policies and platforms.
• Mentors team members.
• Develops and documents standards and best practices.
• Designs, develops, and documents network security architecture patterns as code.

REQUIRED

• Minimum of three (3) years of development and support experience with system and security solutions in medium to large enterprises.
• Understanding of security issues for desktop, virtual, cloud services, and network infrastructures.
• Experience in IT systems and security policies, standards, industry trends, and techniques.
• Experience with secure network protocols and encryption of communications between networked hosts.
• Experience working with hybrid cloud infrastructures.
• Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
• Working knowledge of Python, Golang, JavaScript, PowerShell, Perl, or *nix Shell scripting (multiple).
• Working knowledge of IaC platforms such as Terraform, AWS Cloud Formation, Azure ARM Templates, CDK integrations, Pulumi, or Bicep.
• Experience with published standards, guidance, and frameworks related to information security architecture, information security controls, and practical implementation techniques in an enterprise.
• Demonstrated experience designing, developing, configuring, implementing, and managing technical implementations and changes at enterprise scale with diverse solutions from multiple vendors.
• Working knowledge of security testing tools and techniques for mobile, native applications, web applications, distributed and database systems; SAST, DAST, IAST, Fuzzing, SCA, OSS, Containers, WAF application protection, RASP.
• Experience with PKI, digital certificates, secrets management and vaulting, and platform/OS security.
• Able to handle highly confidential information in a strictly professional manner.
• Demonstrate a logical and structured approach to time management and task prioritization.
• Demonstrate a high level of communication skills, verbal and written.
• Familiarity with Agile and other project management methodologies.
• Ability to work well under pressure and have great organizational and interpersonal skills.

RECOMMENDED

• A Bachelor's degree in Computer Science or Software Engineering.
• One or more professional security certifications such as CISSP, OSCP, OSCE, GCIH, CASP, AWS Security, or equivalent.
• Three (3) or more years experience in Information Security, IT Risk Management, or IT Compliance.
• Familiarity with PCI DSS, HIPAA, and other industry regulations
• Familiarity with File Integrity and DLP technologies.

*** Position locations open to San Antonio, Dallas, and Austin, TX areas
ISSEC3232