The SOC Analyst assists in the detection, response and remediation of cyber-related attacks on the Wawa enterprise. This role supports the areas of incident response and forensics and participates in incident response activities. Provides thorough results that are documented and correlated. Works with Wawa's managed security service provider (MSSP) to onboard new event sources and use cases. Utilizes technologies such as DLP, DNS, IPS, proxy, SIEM, and related endpoint, mobile and cloud controls to complete incident response activities and threat hunting.
Respond to and perform incident investigations for severity level incidents (high, medium, low) while working with IT and business areas.
Maintain skills and capabilities required to maintain, process, and develop intelligence products that are actionable to internal InfoSec functions, Wawa Cyber Security stakeholders, and the Wawa business areas.
Gain an understanding of, and employ, multiple analytical frameworks to drive the Cybersecurity Maturity Model lifecycle against threats that are of interest to the InfoSec organization.
Provide support in the detection, response, mitigation, and reporting of real or potential cyber threats to the Wawa organization and assist in the automation of these processes.
Perform threat intelligence collection, analysis, and actionable intelligence extraction from the numerous cyber threat intelligence sources that are available externally and internally to the Wawa InfoSec organization.
Assist in developing detection and alert criteria and work directly with the Operational Support Team to drive monitoring and defense improvements.
Assist as needed with forensic analysis of network packet captures, DNS, proxy, malware, host-based security and application logs, as well as logs from various types of security sensors.
Perform root cause analysis of security incidents for further enhancement of overall InfoSec defenses.
Provide metrics to measure the effectiveness of the incident response program at request of Security leadership and SOC lead.
Participate in incident response operations and development of standard operating procedures, run books and related templates. Recommend process improvements.
Participate in all tabletop exercises.
Update incident response plan and procedures as well as SOC runbooks.
Provide support, maintenance and development of the Security Information and Event Management (SIEM) platform. This includes the integration of standard and non-standard logs into the SIEM solution while revising and developing processes to strengthen security operations.
Assist in overseeing and providing feedback for third party managed security service provider(s).
Participate in testing to validate effectiveness of security monitoring and alerting.
Assist with static and dynamic malware analysis to support InfoSec defenses and understanding of threat actor TTPs.
Serve as a POC in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, and remediation efforts.
Create the necessary interpersonal networks among information security and line-of-business staff, compliance, audit, physical security, legal, and HR to ensure alignment.
Begin to develop and maintain external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, threats, and cybersecurity risks.
Act as a technical resource for internal business teams and the IT department to plan, implement and support new and existing technologies. Serve as an expert in a technical field of knowledge.
Participate in IT and security related projects.
Assist the enterprise architecture and engagement teams to ensure that information security requirements are built into architectures and new technology projects.
Maintain working knowledge of Payment Card Industry (PCI) Data Security Standard compliance by keeping apprised of changes to the standard, evaluating new systems for impact and supporting annual PCI audit.
Support audit and assessment process for IT including annual PCI audit, IT general controls review and any other audits or assessments of security and general IT controls.
Support forensic investigations and data acquisition supporting legal holds.
Assist in incident identification, assessment, quantification, reporting, communication, and mitigation.
Monitor for external threats, assess risk to the environment and drive proactive risk mitigation and response activities.
Report common and repeated problems (trend analysis) to SOC Team lead and propose process and technical improvements.
Strong written and verbal communication skills, interpersonal and collaborative skills.
Up-to-date knowledge of methodologies and trends in both information security and IT.
Poise and ability to act calmly and competently in high-pressure, high-stress situations.
Must be a critical thinker with strong problem-solving skills.
Ability to participate in a project under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
Ability to lead small internal Incident Response related tools and technology projects.
High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
Maintain a working environment conducive to positive morale and teamwork.
Ability to be on-call 24x7x365 rotation for information security incidents.
Ability to train others.
Respond to SIEM, DLP, Endpoint Security, email, HR Separation, Production Calendar tasks, internal tickets and requests during on call rotation.
Minimum of 3 years of experience in a combination of incident response, information security and IT.
Understanding of relevant legal and regulatory requirements, such as: Payment Card Industry Data Security Standard.
Degree in technology-related field preferred, or equivalent work- or education-related experience.
Professional security management certification is desirable, such as Certified Forensic Investigator (CFI), Certified Forensic Examiner (CFE), Computer Hacking Forensic Investigator (CHFI), GIAC Certified Forensic Analyst (GCFA) or other similar credentials.
Foundational knowledge of incident response standards such as NIST SP 800-61, Computer Security Incident Handling Guide, and ISO/IEC 27035:2016, Information security incident management.
Foundational knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS/IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.
Retirement & Stock Options Benefits
401k with company contribution
Financial Planning Services
Access to Coaching (Health, Professional, Life)
Charitable Donation Matching Programs
Community Service Programs
Hybrid Work Options
Public Transportation Assistance
Accessible Work Environment
Perks & Discounts
Bring Your Own Device Reimbursement
Cell Phone Reimbursement
Offsite Company Events
On Site Gym/Fitness
Childcare Assistance Programs
Family Medical Leave
Commitment to Work/Life Harmony
Flexible Work Schedule
Paid Sick Days
Health & Wellness
Employee Assistance Program (EAP)
Long Term Disability
Mental Health Benefits
Short Term Disability
Employee Recognition Programs
What types of technologists are you looking to hire?

As we continue our digital transformation, we're looking to hire an incredible team of technologists to build the back-end features and functionality of our platform, including:
● Senior software engineers
● Lead software engineers
● Platform engineers
● Platform architects
● Security engineers
● Risk and compliance
● Forensic analysts
● SCRUM masters

What is your tech stack?

We are always exploring new technology and languages to see how they can benefit our platform. Right now we're working with AWS, Java, Kubernetes and Golang on the back-end and ReactJS on the front-end. It can surprise people who only think of Wawa as a convenience store, but we're very passionate and proactive about using the latest technology to build our digital experiences. There's a lot of room for our tech team to try new things and bring them to the table.

Tell us about what it's like to work at Wawa HQ.

Wawa is a people-first organization, which means we care about our people over everything else and treat them fairly. The culture is very supportive and collaborative: everyone works together. And we really give you the opportunity to spread your wings. We have many people who have worked here for 15 to 40 years, which says a lot. You can go to the cafeteria and eat lunch next to the CEO. It's the kind of place where everyone is happy to come to work on a Monday morning. And there's coffee everywhere.

How does Wawa give back?

Wawa proudly gives back through The Wawa Foundation, a 501(c)(3) non-profit corporation focused on building stronger communities in three areas: health, hunger and everyday heroes. Since its inception in 2014, The Wawa Foundation has contributed more than $100 million to non-profit community organizations.
Wawa and The Wawa Foundation are proud to support seven National Partners with in-store customer fundraising campaigns and provide associates with year-round volunteer and participation opportunities, with waived registration and fundraising, at community events such as JDRF One Walks, LLS Light the Night and Special Olympics Polar Plunges, among others. At Red Roof, our corporate campus, our associates directly support mentoring programs, including a Big Brothers Big Sisters program called Beyond School Walls that brings kids into HQ for on-the-job mentorship in a real-world environment, as well as a partnership with Cristo Rey High School that also pairs high school students with job opportunities. Our Product Development team hosts Future Food Scientist workshops, giving middle schoolers from throughout our communities a closer look at careers in the food sciences.