Information Security Threat Intelligence Analyst

Wawa

Media, PA Hybrid Jul 25
Apply now

The Information Security Threat Intelligence Analyst helps with research and preparation of threat intelligence from numerous internal and external sources to help identify risk to the organization.  This role will provide threat monitoring utilizing OSINT, deep/dark web sources, industry tools and MITRE ATT&CK framework to monitor cyber risks and provide actionable intelligence. The candidate will work with other team members to automate ingestion of threat intelligence sources and indicators of compromise (IOC) into SIEM, SOAR and other security products.

Principal Duties:

  • Monitor industry threats through existing security tools, open source intelligence (OSINT), media and vendor-provided tools, software and resources that could impact Wawa, Inc.
  • Collect threat data to understand the evolving threat landscape, adversarial tactics, techniques and procedures (TTPs) and possible areas of concern that could potentially impact Wawa and it’s partners.
  • Foundational knowledge and experience working with MITRE ATT&CK framework.
  • Automate threat intelligence collection from external sources using Wawa’s SOAR platform.
  • Perform deep/dark web searches for threats, leaked credentials and possible threats via unattributed network and/or third-party tools.
  • Assist in creating threat intelligence briefings for security and IT leadership.
  • Collaborate with intelligence-sharing partners such as RH-ISAC, Verizon, NJCCIC, Visa, Mastercard and Anomali.
  • Compare vulnerable versions of software against Wawa’s software inventory.
  • Create the necessary interpersonal networks among information security and IT to perform job function.
  • Maintain external networks consisting of industry peers, vendors and other relevant parties to address common trends, findings, threats, and cybersecurity risks.
  • Maintain foundational knowledge of Payment Card Industry (PCI) Data Security Standard compliance by keeping apprised of changes to the standard, evaluating new systems for impact and supporting annual PCI audit.
  • Support audit and assessment process for IT including annual PCI audit, IT general controls review and any other audits or assessments of security and general IT controls.

Essential Functions:

  • Excellent written and verbal communication skills, interpersonal and collaborative skills.
  • Up-to-date knowledge of methodologies and trends in both information security and IT.
  • Must be a critical thinker with strong problem-solving skills.
  • Ability to lead moderate internal Endpoint Protection-related tools and technology projects with dependencies on external IT teams.
  • Basic knowledge of AWS and Azure/O365.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
  • High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
  • Maintain a working environment conducive to positive morale and teamwork.
  • Ability to be on-call 24x7x365 rotation for information security incidents.
  • Ability to mentor and influence others.

Basic Requirements:

  • Minimum of 3 years experience in incident response, information security and IT.
  • Minimum 1 year experience in threat intelligence or open-source intelligence (OSINT) preferred.
  • Development experience with scripting languages such as Python, JavaScript and/or PowerShell preferred.
  • Basic understanding of relevant legal and regulatory requirements such as the Payment Card Industry Data Security Standard (PCI DSS).
  • Degree in technology-related field preferred, or equivalent work- or education-related experience.
  • Professional information technology or security management certification is desirable, such as Network+ or Security+.
  • Foundational knowledge of incident response standards such as NIST 800-150, MITRE ATT&CK, and information security incident management
  • Foundational knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPSIDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.
Retirement & Stock Options Benefits
  • 401k with company contribution
  • Company Equity
  • Financial Planning Services
Other
  • Access to Coaching (Health, Professional, Life)
  • Charitible Donation Matching Programs
  • Community Service Programs
  • Hybrid Work Options
  • Pet Insurance
  • Public Transportation Assistance
  • Relocation Assistance
Accessibility
  • Accessible Building
  • Accessible Devices
  • Accessible Work Environment
  • Job Modification
Perks & Discounts
  • Bring Your Own Device Reimbursement
  • Casual Dress
  • Cell Phone Reimbursement
  • Lunch Provided
  • Offsite Company Events
  • On Site Gym/Fitness
  • Special Discounts
Parental Benefits
  • Childcare Assistance Programs
  • Family Medical Leave
  • Nursing Room
PTO/Flexibility
  • Commitment to Work/Life Harmony
  • Flexible Work Schedule
  • Paid Holidays
  • Paid Sick Days
  • PTO
Health & Wellness
  • Dental Insurance
  • Employee Assistance Program (EAP)
  • FSA
  • Gym Reimbursement/Discounts
  • Health Insurance
  • HRA
  • HSA
  • Life Insurance
  • Long Term Disability
  • Mental Health Benefits
  • Onsite Gym
  • Short Term Disability
  • Vision Insurance
Professional Development
  • Employee Recognition Programs
  • Tuition Reimbursement
What types of technologists are you looking to hire? As we continue our digital transformation, we’re looking to hire an incredible team of technologists to build the back-end features and functionality of our platform, including: Senior software engineers Lead software engineers Platform engineers Platform architects Security engineers Risk and compliance Forensic analysts SCRUM masters   What is your tech stack? We are always exploring new technology and languages to see how they can benefit our platform. Right now we’re working with AWS, Java, Kubernetes and Golang on the back-end and ReactJS on the front-end. It can surprise people who only think of Wawa as a convenience store, but we’re very passionate and proactive about using the latest technology to build our digital experiences. There’s a lot of room for our tech team to try new things and bring them to the table.   Tell us about what it's like to work at Wawa HQ. Wawa is a people-first organization, which means we care about our people over everything else and treat them fairly. The culture is very supportive and collaborative — everyone works together. And, we really give you the opportunity to spread your wings. We have many people who have worked here for 15 to 40 years, which says a lot. You can go to the cafeteria and eat lunch next to the CEO. It’s the kind of place where everyone is happy to come to work on a Monday morning. And there’s coffee everywhere.   How does Wawa give back? Wawa proudly gives back through The Wawa Foundation, a 501 (c)(3) non-profit corporation focused on building stronger communities in three areas of health, hunger and everyday heroes. Since its inception in 2014, The Wawa Foundation has contributed more than $100 million to non-profit community organizations. Wawa and The Wawa Foundation are proud to support seven National Partners with in-store customer fundraising campaigns and provides its associates with year round volunteer and participation opportunities with waived registration and fundraising at community events such as JDRF One Walks, LLS Light the Night, Special Olympics Polar Plunges, among others. At Red Roof, our corporate campus, our associates support some mentoring programs directly including  a  Big Brother, Big Sister program called Beyond School Walls that brings kids into HQ to get on-the-job mentorship in a real world environment, as well as a partnership through Cristo Rey High School that also pairs high school students with job opportunities.  Our Product Development team hosts Future Food Scientist workshops giving middle schoolers from throughout our communities a closer look at careers in the food sciences.