Security Engineer

Grainger

(Lake Forest, Illinois)

Full Time

Job Posting Details

About Grainger

Grainger is a business-to-business distributor of products used to maintain, repair or operate facilities. Millions of businesses and institutions worldwide rely on Grainger for pumps, motors, hand tools, janitorial supplies, fasteners and much more. These customers represent a broad collection of industries including healthcare, manufacturing, government and hospitality.

Summary

This individual is responsible for design, development and delivery of new security solutions, providing escalation support to the dedicated Security Operations Center. The individual will facilitate and gather requirements from our customers and provide security solutions to meet their needs while aligning with Grainger strategies, policies, standards, guidelines, and procedures.

Responsibilities

* Collaborate with other teams as necessary to ensure customer service levels are met.
* Design and development of Security Solutions to protect Grainger IT assets worldwide.
* Provides expert advice into the conceptual design and execution of the enterprise wide security solutions. (Windows, UNIX, Network, Web, TCP/IP, etc.).
* Understanding of Cloud solution best practices and integration techniques.
* Facilitate the gathering of security requirements/specifications specific to Remote Connectivity (intra and intercompany), Internet facing solutions, eCommerce, Mobility, etc.
* Proactively protect the integrity and confidentiality of Information Assets in all systems and environments.
* Provide Level III Support for escalated tickets from SOC and other engineering teams.
* Engineer solutions to ensure Payment Card Industry (PCI-DSS) and Sarbanes-Oxley (SOX) Compliance.
* Partner and execute changes in the Security Landscape based on results from analysis received from Internal Controls & Compliance, Internal Audit, External Audit and other functions as deemed appropriate.
* Participate in projects as required; analyze, design, develop and implement security solutions which protect the information assets while enabling business functionality.
* Provide subject matter expertise for Architecture, Planning and Roadmap sessions.
* Researches, evaluates, designs, tests, recommends and plans the implementation of new or updated information security technologies.
* Document solutions engineered to be handed off to tier 1 and 2 support organizations.
* Assist in forensic investigations using standard tools and procedures to provide data to Legal, HR and Management.
* Assist in IT and Application penetration testing using standard tools and procedures.
* Perform Root Cause analysis on incidents engaging proper SMEs for assistance.
* Follow SDLC processes and procedures with the ability to perform code review and analysis.
* Perform product and solution life cycle management ensuring capacity, integrity and availability of all systems.

Collaborate with other teams as necessary to ensure customer service levels are met.
Design and development of Security Solutions to protect Grainger IT assets worldwide.
Provides expert advice into the conceptual design and execution of the enterprise wide security solutions. (Windows, UNIX, Network, Web, TCP/IP, etc.).
Understanding of Cloud solution best practices and integration techniques.
Facilitate the gathering of security requirements/specifications specific to Remote Connectivity (intra and intercompany), Internet facing solutions, eCommerce, Mobility, etc.
Proactively protect the integrity and confidentiality of Information Assets in all systems and environments.
Provide Level III Support for escalated tickets from SOC and other engineering teams.
Engineer solutions to ensure Payment Card Industry (PCI-DSS) and Sarbanes-Oxley (SOX) Compliance.
Partner and execute changes in the Security Landscape based on results from analysis received from Internal Controls & Compliance, Internal Audit, External Audit and other functions as deemed appropriate.
Participate in projects as required; analyze, design, develop and implement security solutions which protect the information assets while enabling business functionality.
Provide subject matter expertise for Architecture, Planning and Roadmap sessions.
Researches, evaluates, designs, tests, recommends and plans the implementation of new or updated information security technologies.
Document solutions engineered to be handed off to tier 1 and 2 support organizations.
Assist in forensic investigations using standard tools and procedures to provide data to Legal, HR and Management.
Assist in IT and Application penetration testing using standard tools and procedures.
Perform Root Cause analysis on incidents engaging proper SMEs for assistance.
Follow SDLC processes and procedures with the ability to perform code review and analysis.
Perform product and solution life cycle management ensuring capacity, integrity and availability of all systems.

Ideal Candidate

* 3+ years of experience or training in Security solution design, implementation and troubleshooting across all computer platforms.
* 5 or more years required of combined IT and security work experience with a broad exposure to infrastructure/network and multi-platform environments.
* Experience and hands-on working knowledge with a variety of security tools including but not limited to Firewall, VPN, SEIM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, data loss prevention, content filtering technologies, application firewalls, vulnerability scanners, forensics software, and security incident response.
* CISSP is highly preferred.
* Good understanding of Risk and Compliance framework, regulatory compliance (Sarbanes-Oxley (SOX) and PCI-DSS).
* Highly self-motivated
* Strong attention to detail
* Ability to effectively prioritize and execute tasks in a complex environment
* Solid understanding of standard business processes including Change Management, Problem Management, Work Prioritization, Quality Assurance, and Continuous Improvement best practices, etc.
* Strong client relationship management skills.
* Very strong analytical and problem-solving skills.
* Strong verbal and written communication skills.
* Strong interpersonal and conflict management skills.

3+ years of experience or training in Security solution design, implementation and troubleshooting across all computer platforms.
5 or more years required of combined IT and security work experience with a broad exposure to infrastructure/network and multi-platform environments.
Experience and hands-on working knowledge with a variety of security tools including but not limited to Firewall, VPN, SEIM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, data loss prevention, content filtering technologies, application firewalls, vulnerability scanners, forensics software, and security incident response.
CISSP is highly preferred.
Good understanding of Risk and Compliance framework, regulatory compliance (Sarbanes-Oxley (SOX) and PCI-DSS).
Highly self-motivated
Strong attention to detail
Ability to effectively prioritize and execute tasks in a complex environment
Solid understanding of standard business processes including Change Management, Problem Management, Work Prioritization, Quality Assurance, and Continuous Improvement best practices, etc.
Strong client relationship management skills.
Very strong analytical and problem-solving skills.
Strong verbal and written communication skills.
Strong interpersonal and conflict management skills.