Giant Eagle Supermarkets

About Giant Eagle Supermarkets


Job Category:

Information Technology


United States

Postal Code:


Approximate Salary:

Not Specified

Position Type:

Full Time

Analyst, Information Security

Giant Eagle Supermarkets - Pittsburgh, Pennsylvania

Posted: 12/11/2018

About Us

Giant Eagle Inc., ranked 36 on Forbes magazine's largest private corporations list, is one of the nation's largest food retailers and distributors with approximately \\$9.5 billion in annual sales. Founded in 1931, Giant Eagle, Inc. has grown to be the number one supermarket retailer in the region with more than 420 stores throughout western Pennsylvania, north central Ohio, northern West Virginia, Maryland and Indiana.

Giant Eagle was previously named America's Second Harvest Regional Retailer of the Year for its support of local food banks, and also actively supports numerous community events, the United Way, Children's Hospital, Race For The Cure and other non-profit organizations. The company also has created education initiatives such as Apples For The Students, which has provided millions of dollars in computer equipment, software and other classroom learning tools for local schools and the Be A Smart Shopper school nutrition program. Further information can be found at

Position Summary

The Associate Information Security Analyst is responsible for information security operations such as event log monitoring, incident response, IDS/IPS maintenance, SIEM report maintenance and review and similar operational areas of enterprise information security. The Associate Information Security Analyst is also tasked with monitoring and advisement of emerging security threats as it applies to the enterprise.

Job Responsibilities

  • Perform network and application vulnerabilty assessments and associated reporting and remediation instructions. Perform technical risk assessments for enterprise systems and report gaps and remediation actions. Analysis includes automated testing using standard tools as well as manual testing and interrogation of web based applications.
  • Maintain Intrustion Prevention System and passive Intrustion Detection Systems. Perform signature updates and reviews and tuning of sensors. Report and escalate intrustion attempts and suspicious or anomalous network traffic.
  • Configure SIEM (Security Information and Event Management) platforms to include obtaining data from endpoints and network devices and generating reports. Analyze reports for security related incidents and escalate appropriately.
  • Perform regulatory compliance audits including SOX, PCI, HIPAA. Report findings and advise on remediation efforts. Assist in preparing business application owners prior to external audits.
  • Assist with advisement and interpretation of emerging regulations and legal requirements. Research, monitor and advise to emerging security threats and developments that affect business systems or network infrastructure.
  • Monitor and advise on security related updates for endpoint applications, server applications, as well as vendor supplied or proprietary security patches. Responsible for coordination with various teams to ensure patches are deployed in a timely manner based on risk assessment to the organization.
  • Design and maintain various cryptographic solutions including x.509 based certificate cryptography, PGP/GPG PKI infrastructure, TLS/SSL tunneling solutions, endpoint encryption, and other cryptographic solutions on mulitple platforms, both at rest and in motion.
  • Perform penetration testing on multiple platforms and network environments including wireless (RF), wired, physical, social, and the like following frameworks such as the OSSTMM and ISSAF.
  • Review firewall rules and access control lists for appropriate access; may include port and protocol analysis to best determine scope of access rules.
  • Assist in creating and maintaining information security policies, including technical and administrative policies.
  • Availability for 24/7 rotational support.
  • Conduct research on new security technologies and products, both open source and vendor proprietary.
  • Little or no financial or budgetary responsibility Amount of Budgetary Responsibility: \\$0
  • None

Education and Training Required

  • Bachelors Degree Computer Science, Engineering, or equivalent

Experience Required

  • 3 to 5 years

Experience Desired

  • Three years+ experience with open source security software and information security specific tools.
  • Experienced unix shell scripting and Windows powershell knowledge.
  • Experience in blind (black box) application testing, network testing, and penetration testing.
  • Familiarity with audit process and standards (ISO, NIST, SOC-1/2, SAS 70 and others).
  • Experience with analyzing and securing .NET applications.
  • Deep comprehension of protocol specific TCP/UDP communications.
  • Experienced in host security hardening multiple platforms including AIX, Linux, Macintosh, Windows and mobile devices.
  • Incident response experience including chain of evidence practices and analysis using proprietary and open source forensics tools.
  • Strong technical skills and capacity to learn emerging technologies.

Competencies Required

  • Adaptability
  • Customer Focused
  • Gets Things Done
  • Interpersonal Skills
  • Problem Solving
  • Respect for Self and Others
  • Analytical
  • Composure
  • Computer Skills
  • Conflict Resolution
  • Continuous Learner
  • Creative
  • Numeric Computation/Reporting
  • Open to Feedback
  • Presentation & Verbal Communic
  • Project Management
  • Technical (specific to job)
  • Written Communication

Work Environment

  • Normal office environment
  • Work from Home

Physical requirements

Equipment Used

  • Calculator
  • Computer
  • Copier
  • Telephone

Apply Now