
Information Security Senior SOC Analyst

Wawa Inc. (210515330)
Wawa, WAWA Full Time
POSTED ON 7/26/2023 CLOSED ON 8/1/2023

What are the responsibilities and job description for the Information Security Senior SOC Analyst position at Wawa Inc. (210515330)?

Job Description

Job Title: Information Security Senior SOC Analyst
Location: Corporate
Department: Information Technology

Job Summary:

The Senior SOC Analyst leads the detection, response and remediation of cyber-related attacks on the Wawa enterprise. This role is well versed in the areas of incident response and forensics and participates in complex incident response activities. This role integrates new projects and technologies from a logging and incident response perspective and works with Wawa's managed security service provider (MSSP) to onboard new event sources and use cases. This role assists in design and implementation of Incident Response related technologies such as DLP, DNS, IPS, proxy, SIEM, and related endpoint, mobile and cloud controls.

Principal Duties:

  • Respond to and perform incident investigations for all severity level incidents (critical, high, medium, low) while working with IT and business areas.
  • Maintain skills and capabilities required to maintain, process, and develop intelligence products that are actionable to internal InfoSec functions, Wawa Cyber Security stakeholders, and the Wawa business areas.
  • Employ multiple analytical frameworks to drive Cybersecurity Maturity model lifecycle against threats that are of interest to the InfoSec organization.
  • Lead the detection, response, mitigation, and reporting of real or potential cyber threats to the Wawa organization and assist in the automation of these processes.
  • Perform threat intelligence collection, analysis, and actionable intelligence extraction from the numerous cyber threat intelligence sources that are available externally and internally to the Wawa InfoSec organization.
  • Develop detection and alert criteria and work directly with Operational Support Team to drive monitoring and defense improvements.
  • Assist as needed with forensic analysis of network packet captures, DNS, proxy, malware, host-based security and application logs, as well as logs from various types of security sensors.
  • Perform root cause analysis of security incidents for further enhancement of overall InfoSec defenses.
  • Recommend a course of action on each incident/hunt, as well as create and manage the tactical team’s daily activities.
  • Provide metrics to measure the effectiveness of the incident response program at request of Security leadership and SOC lead.
  • Participate in incident response operations and development of standard operating procedures, run books and related templates.
  • Recommend process improvements.
  • Participate in development and execution of annual internal tabletop exercise. Participate in all tabletop exercises.
  • Update incident response plan and procedures as well as SOC runbooks.
  • Maintain and develop the Security Information and Event Monitoring (SIEM) platform. This includes the integration of standard and non-standard logs into SIEM solution while revising and developing processes to strengthen security operations.
  • Assist in overseeing and providing feedback for third party managed security service provider(s).
  • Lead performance of testing to validate effectiveness of security monitoring and alerting.
  • Conduct static and dynamic malware analysis to support InfoSec defenses and understanding of threat actor TTPs.
  • Serve as a primary POC for all critical incident response activities such as host triage and retrieval, malware analysis, remote system analysis, and remediation efforts.
  • Create the necessary interpersonal networks among information security and line-of-business staff, compliance, audit, physical security, legal, and HR to ensure alignment.
  • Maintain external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, threats, and cybersecurity risks.
  • Act as technical consultant for internal business teams and the IT department to plan, implement and support new and existing technologies.
  • Serve as an expert in technical field of knowledge.
  • Provide information security expertise and guidance on IT and business-related projects as required by the business.
  • Participate in IT and security related projects.
  • Collaborate with the enterprise architecture and engagement teams to ensure that information security requirements are built into architectures and new technology projects.
  • Maintain working knowledge of Payment Card Industry (PCI) Data Security Standard compliance by keeping apprised of changes to the standard, evaluating new systems for impact and supporting annual PCI audit.
  • Support audit and assessment process for IT including annual PCI audit, IT general controls review and any other audits or assessments of security and general IT controls.
  • Support forensic investigations and data acquisition supporting legal holds.
  • Lead incident identification, assessment, quantification, reporting, communication, and mitigation.
  • Monitor for external threats, assessing risk to the environment and driving proactive risk mitigation and response activities.
  • Report common and repeated problems (trend analysis) to SOC Team lead and propose process and technical improvements.

Essential Functions:

  • Excellent written and verbal communication skills, interpersonal and collaborative skills.
  • Up-to-date knowledge of methodologies and trends in both information security and IT.
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.
  • Must be a critical thinker with strong problem-solving skills.
  • Ability to participate in multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Ability to lead moderate internal Incident Response related tools and technology projects with small dependencies on external IT teams.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
  • High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
  • Maintain a working environment conducive to positive morale and teamwork.
  • Ability to be on-call 24x7x365 rotation for information security incidents.
  • Ability to mentor and influence others.
  • Respond to SIEM, DLP, Endpoint Security, email, HR Separation, Production Calendar tasks, internal tickets and requests during on call rotation.

Basic Requirements:

  • Minimum of 5 years of experience in a combination of incident response, information security and IT.
  • Understanding of relevant legal and regulatory requirements, such as: Payment Card Industry Data Security Standard.
  • Degree in technology-related field preferred, or equivalent work- or education-related experience.
  • Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Forensic Investigator (CFI), Certified Forensic Examiner (CFE), Certified Hacking Forensic Investigation (CHFI), GFCA Certified Forensic Analyst (GIAC) or other similar credentials.
  • Moderate knowledge of incident response standards such as NIST 80-61, Computer Security Incident Handling Guide and ISO/IEC 27035:2016, information security incident management.
  • Moderate knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS\IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.

Wawa will provide reasonable accommodation to complete an application upon request, consistent with applicable law. If you require an accommodation, please contact our Associate Service Center at asc@wawa.com or 1-800-444-9292.

Wawa, Inc. is an equal opportunity employer. Wawa maintains a work environment in which Associates are treated fairly and with respect and in which discrimination of any kind will not be tolerated. In accordance with federal, state and local laws, we recruit, hire, promote and evaluate all applicants and Associates without regard to race, color, religion, sex, age, national origin, ancestry, familial status, marital status, sexual orientation or preference, gender identity or expression, citizenship status, disability, veteran or military status, genetic information, domestic or sexual violence victim status or any other characteristic protected by applicable law. Unlawful discrimination will not be a factor in any employment decision.

Wawa is an associate-owned, privately held organization with more than 950 stores and 40,000 associates who have a shared purpose of “Fulfilling Lives, Every Day,” for our customers, communities and each other. Wawa has evolved into a one-stop convenience retailer offering fresh food, beverages and fuel in Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida and Washington D.C. In our journey to achieve “boundless convenience,” Wawa offers its own brand of elevated customer service that’s achieved through continued food service innovation, new store growth and digital experiences. Whether you join us as a part-time associate, store leader or corporate associate, you’ll be a part of a team that has a shared mission to put our core values first in everything we do.

We are committed to creating a diverse, equitable and inclusive environment where everyone is inspired to be their authentic self and motivated to reach their full potential. We provide a workplace that ensures people of diverse backgrounds and experiences are represented, respected and feel valued for what they bring to the team.

For Technical Issues please email: recruitingsupport@wawa.com.

Salary.com Estimation for Information Security Senior SOC Analyst in Wawa, WAWA
$111,314 to $144,825
This job has expired.