INFORMATION SECURITY ENG SR

Goodlettsville, Tennessee


Employer: Dollar General
Industry: Information Technology
Salary: Competitive
Job type: Full-Time

Company Overview

Dollar General Corporation has been delivering value to shoppers for more than 80 years. Dollar General helps shoppers Save time. Save money. Every day.® by offering products that are frequently used and replenished, such as food, snacks, health and beauty aids, cleaning supplies, basic apparel, housewares and seasonal items at everyday low prices in convenient neighborhood locations. Dollar General operates more than 18,000 stores in 47 states, and we're still growing. Learn more about Dollar General at www.dollargeneral.com.

Job Details

GENERAL SUMMARY:

Responsible for working with the information security management team to administer the Company's information security programs; maintain Sarbanes-Oxley, HIPAA, and PCI DSS compliance programs; and design, implement, and support a variety of security systems and applications. The Sr. Engineer will also lead a variety of projects while being responsible, both independently and as a team member, for recommending, designing, implementing, administering, etc., pragmatic information security controls that meet dynamic tactical and strategic information security objectives.

DUTIES and ESSENTIAL JOB FUNCTIONS:
  • Designs, implements, administers, and supports multiple information security platforms, systems, and applications. Supports a variety of technologies in a hands-on manner.
  • Performs internal security risk assessments, security risk assessments of third party business partners, and detailed security risk assessments of various technologies. Examples include: directory services, database platforms, client and server operating systems, programming languages, web services, firewalls, remote access technologies, messaging platforms, encryption solutions, wireless technologies, internally-hosted applications, externally-hosted applications, cloud services, etc.
  • Maintains knowledge of current and emerging security, compliance, and technical developments. Identifies current and potential future vulnerabilities and collaborates with others to identify, recommend, and develop risk remediation plans, and to track remediation outcomes and timelines.
  • Supports defined Company operating principles via effective, pragmatic information security controls. Analyzes, defines, implements, and administers efficient business processes related to information security programs. Represents the information security function through pragmatic consultation and participation in a defined SDLC.
  • Works with the information security management team to administer, maintain, and continuously improve SOX, HIPAA, PCI DSS, and internal controls compliance programs, investigate known or suspected security incidents, support internal and external audits, and assist in the development and implementation of audit response Management Action Plans.
  • Uses project management best practices to initiate, manage, and close projects, often simultaneously across a variety of projects. Creates and maintains documents related to projects and information security.
  • Mentors and cross-trains department team members; leads meetings; builds and maintains strong partnerships with multiple departments; coordinates with vendor/support teams.
  • Promotes security best practices via awareness, example, and compliance with policies and regulatory requirements.

Qualifications

KNOWLEDGE and SKILLS:
  • Familiarity with, and ability to apply, time-proven, generally accepted information security methodologies, concepts and techniques.
  • Strong understanding of current and developing security technologies and trends.
  • Strong, effective written and oral communication skills that enable effective communication with multiple audiences.
  • Strong understanding of pragmatic implementation of information security controls, holistic defense-in-depth strategies, and protocols used to interconnect networks and publish application resources.
  • Strong understanding of PCI, HIPAA, and SOX regulatory requirements.
  • Development/analysis proficiency in one or more scripting languages.
  • Ability to learn and retain skills required to adapt to evolving business and technical needs.
  • Ability to appropriately influence and motivate others.
  • Ability to occasionally work during non-standard shifts, in an on-call capacity, and be available for occasional travel (up to 5%).


WORK EXPERIENCE and/or EDUCATION:
  • College degree or equivalent experience in information security.
  • Minimum six years of information security generalist experience (broad and deep in data, application, system, and network security domains) with complex technical initiatives. Active CISSP, CISA, or CISM certification preferred.
  • Hands-on SME/lead experience with design, implementation, and administration of three or more of the following technologies:
    1. Next generation firewalls
    2. Endpoint security
    3. Security information and event management (SIEM)
    4. Vulnerability scanning
    5. Secure remote access (VPN)
    6. Multifactor authentication
    7. Data loss prevention (DLP)
    8. Privileged user management (PUM)
    9. Web application firewalling
    10. Governance risk and compliance (GRC)
  • Experience identifying and addressing security risks associated with host and network operating systems; enterprise services (e.g. directory services, email, content management and collaboration, web publishing, database, network routing and switching, and virtualization); client-server, thin-client, and web-based applications; enterprise applications (e.g. ERP); cloud services; and storage platforms.


Dollar General Corporation is an equal opportunity employer.

Created: 2024-05-18
Reference: 302061
Country: United States
State: Tennessee
City: Goodlettsville