Senior Info Security Engineer

Based in St. Louis, Core & Main is a leader in advancing reliable infrastructure with local service, nationwide. As a specialty distributor with a focus on water, wastewater, storm drainage and fire protection products and related services, Core & Main provides solutions to municipalities, private water companies and professional contractors across municipal, non-residential and residential end markets, nationwide. With over 370 locations across the U.S., the company provides its customers local expertise backed by a national supply chain. Core & Main's 5,700 associates are committed to helping their communities thrive with safe and reliable infrastructure. Visit coreandmain.com to learn more.

Job Summary

Responsible for day-to-day efforts on Information security risk management for Core & Main, focusing on detailed technology issues.

Major Tasks, Responsibilities and Key Accountabilities

• Conducts independent test and evaluation of new and existing systems. Performs testing to include system security testing, vulnerability scanning, security configuration reviews of desktop/laptop images, writing test plans, test cases/scripts, status reports and test summary reports.
• Identifies security vulnerabilities and develops algorithms and methods for detecting and preventing host and network based attacks.
• Performs advanced analysis and/or reverse engineering of suspect source code and makes the appropriate changes to security event detection systems.
• Implements the appropriate processes and tools to deliver sound investigations as well as analyze log files for activities surrounding security events.
• Initiates security response procedures when a problem is detected and methodically creates and updates security standard documentation. Develops attack and defense methodologies for high risk computer networks. Writes scripts and develop software utilities to automate security analysis efforts.
• Performs a wide range of technical operations related to the location, retrieval, processing, review, analysis, and production of electronic data for discovery, audit, or investigation.
• Performs quality checks on all data collected, copies final data deliverables to various media, and documents the procedures used in the collection process.
• Maintains procedures and devices in compliance with SOX compliance, PCI regulations and other regulatory authorities as required. Provides data to internal or external auditors for security and compliance audits. Serves as a liaison between the legal team, outside counsel, IT personnel, and internal organization.
  

Nature and Scope

• Identifies key barriers/core problems and applies problem solving skills in order to deal creatively with complex situations. Troubleshoots and resolves complex problems. Makes decisions under conditions of uncertainty, sometimes with incomplete information, that produce effective end results.
• Independently performs assignments with instruction limited to the results expected. Determines and develops an approach to solutions. Receives technical guidance only on unusual or complex problems or issues.
• May oversee the completion of projects and assignments, including planning, assigning, monitoring and reviewing progress and accuracy of work, evaluating results, etc. Contributes to employees' professional development but does not have hiring or firing authority.
  

Work Environment

• Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
• Typically requires overnight travel less than 5% to 20% of the time.
• Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.
  

Minimum Qualifications

• Must be a minimum of 18 years of age or older
• Must pass pre-employment assessment(s) if applicable
  

Education and Experience

• Typically requires BS/BA in a related discipline. Generally 5-8 years of experience in a related field; certification is required in some areas OR MS/MA and generally 3-5 years of experience in a related field. Certification is required in some areas.
  

Preferred Qualifications

• Strong understanding of network security principles and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and network segmentation
• Experience with cloud-based network security solutions
• Expertise in privileged access management (PAM), including PAM tools and methodologies, such as least privilege, Just-in-Time (JIT) access, and role-based access control (RBAC)
• Proficiency in SIEM technologies and the ability to analyze security logs to identify and respond to potential threats
• Familiarity with IT governance, risk, and compliance (GRC) frameworks, such as NIST Cybersecurity Framework and ISO 27001
• 5+ years of experience in information security, with a focus on network security
• CISSP certification (or equivalent) preferred
• CCSP certification (or equivalent) preferred

#LI-REMOTE

Core & Main is an Equal Employment Opportunity employer. Employment at Core & Main is based solely on a person's merit and qualifications directly related to professional competence. Core & Main does not discriminate against any employee or applicant on the basis of race, creed, color, religion, national origin, nationality, ancestry, age, disability, veteran status, pregnancy or related condition (including breastfeeding), affectional or sexual orientation, gender identity or expression, marital status, status with regard to public assistance, citizenship, or any other basis protected by law.

None of the questions in this application are intended to elicit information regarding any protected characteristics, nor imply any limitation, illegal preferences or discrimination based upon non-job-related information or protected characteristics.

For more information, please click here or visit https://www.eeoc.gov