Job Description
Job Title: Information Security SOC Analyst
Location: Corporate
Department: Information Technology
Job Summary: The SOC Analyst assists in the detection, response and remediation of cyber-related attacks on the Wawa enterprise, and provides thorough results that are documented and correlated. Works with Wawa's managed security service provider (MSSP) and internal SIEM engineers to develop supporting SOPs. Utilizes technologies such as DLP, DNS, firewall, IPS, proxy, EDR, SIEM, SEG, WAF, security case management and related endpoint and cloud controls to complete incident response activities and threat hunting. This role supports the areas of incident response and forensics.
Principal Duties:
- Respond to and perform incident investigations for all severity levels (critical, high, medium, low), including phishing investigations, while working with IT and business areas.
- Gain understanding of and employ multiple analytical frameworks to drive the cybersecurity maturity model lifecycle against threats of interest to the InfoSec organization.
- Provide support in the detection, response, mitigation, and reporting of real or potential cyber threats to the Wawa organization and assist in the automation of these processes.
- Interact with threat intelligence sources that are available externally and internally to the Wawa InfoSec organization.
- Assist in developing detection and alert criteria and work directly with Operational Support Team to drive monitoring and defense improvements.
- Recommend alert tuning to reduce false positives.
- Assist as needed with forensic analysis of network packet captures, DNS, proxy, malware, host-based security and application logs, as well as logs from various types of security sensors.
- Perform root cause analysis of security notables for further enhancement of overall InfoSec defenses.
- Provide metrics to measure the effectiveness of the incident response program at request of Security leadership and SOC lead.
- Participate in incident response operations and development of standard operating procedures, run books and related templates. Recommend process improvements.
- Participate in quarterly tabletop exercises.
- Update incident response plan and procedures as well as SOC runbooks.
- Assist in overseeing and providing feedback for third party managed security service provider(s).
- Participate in testing to validate effectiveness of security monitoring and alerting.
- Assist with the static and dynamic malware analysis to support InfoSec defenses and understanding of threat actor TTPs.
- Serve as a POC in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, and remediation efforts.
- Create the necessary interpersonal networks among information security and line-of-business staff, compliance, audit, physical security, legal, and HR to ensure alignment.
- Begin to develop and maintain external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, threats, and cybersecurity risks.
- Act as a technical resource for internal business teams and the IT department to plan, implement and support new and existing technologies. Serve as a resource in the technical field of knowledge.
- Participate in IT and security related projects.
- Assist the enterprise architecture and engagement teams to ensure that information security requirements are built into architectures and new technology projects.
- Maintain working knowledge of Payment Card Industry (PCI) Data Security Standard compliance by keeping apprised of changes to the standard, evaluating new systems for impact and supporting annual PCI audit.
- Support audit and assessment process for IT including annual PCI audit, IT general controls review and any other audits or assessments of security and general IT controls.
- Support forensic investigations and data acquisition supporting legal holds.
- Assist in incident identification, assessment, quantification, reporting, communication, and mitigation.
- Monitor for external threats, assessing risk to the environment and driving proactive risk mitigation and response activities.
- Report common and repeated problems (trend analysis) to SOC Team lead and propose process and technical improvements.
- Provide peer review of ticket closures.
Essential Functions:
- Strong written and verbal communication skills, interpersonal and collaborative skills.
- Up-to-date knowledge of methodologies and trends in both information security and IT.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Must be a critical thinker with strong problem-solving skills.
- Ability to participate in a project under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Ability to lead small internal Incident Response related tools and technology projects.
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
- High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
- Maintain a working environment conducive to positive morale and teamwork.
- Ability to be on-call 24x7x365 rotation for information security incidents.
- Ability to train others.
- Respond to SIEM, DLP, email, HR separation, phishing and internal ITSM tickets, perform new store validation, review the WAF dashboard, and handle requests during the on-call rotation.
Basic Requirements:
- Minimum of 3 years of experience in a combination of incident response, information security and IT.
- Understanding of relevant legal and regulatory requirements, such as: Payment Card Industry Data Security Standard.
- Degree in technology-related field preferred, or equivalent work- or education-related experience.
- Professional security management certification is desirable, such as Computer Hacking Forensic Investigator (CHFI), CompTIA (CySA+, A+, Network+ or Security+), GIAC Certified Forensic Analyst (GCFA) or other similar credentials.
- Foundational knowledge of incident response standards such as NIST SP 800-61r3, NIST CSF 2.0, the Computer Security Incident Handling Guide and ISO/IEC 27035:2023 (information security incident management).
- Foundational knowledge of information security concepts and technologies such as: the MITRE ATT&CK framework, AI, emerging attacker techniques, networking, network segmentation, firewalls, IPS/IDS, network analyzers, data loss prevention, endpoint security solutions, endpoint event logs (Windows and *nix), security event management (SIEM), proxies, WAF, cloud services (AWS, M365, Azure, Entra ID), etc.
Wawa will provide reasonable accommodation to complete an application upon request, consistent with applicable law. If you require an accommodation, please contact our Associate Service Center at [email protected].
Wawa, Inc. is an equal opportunity employer. Wawa maintains a work environment in which Associates are treated fairly and with respect and in which discrimination of any kind will not be tolerated. In accordance with federal, state and local laws, we recruit, hire, promote and evaluate all applicants and Associates without regard to race, color, religion, sex, age, national origin, ancestry, familial status, marital status, sexual orientation or preference, gender identity or expression, citizenship status, disability, veteran or military status, genetic information, domestic or sexual violence victim status or any other characteristic protected by applicable law. Unlawful discrimination will not be a factor in any employment decision.