
Security Operations Analyst Lead (remote)

Remote: Full Remote
Contract: 
Salary: 85 - 140K yearly
Experience: Senior (5-10 years)
Work from: Hawaii (USA), United States

Offer summary

Qualifications:

  • 6 years of information security experience
  • Expertise in SIEM and threat intel platforms
  • Strong background in network and system monitoring
  • Knowledge of security tool administration
  • Degree or equivalent professional experience

Key responsibilities:

  • Manage security incident response operations
  • Lead Tier 1 SOC's daily security alert triage
  • Conduct investigations and document incidents
  • Collaborate on security tools and process improvements
  • Maintain performance metrics and team documentation
US Foods (Food & Beverages, XLarge, 10001 employees) https://www.usfoods.com/

Job description

ARE YOU A CURRENT US FOODS EMPLOYEE? PLEASE APPLY DIRECTLY THROUGH OUR INTERNAL WORKDAY CAREER SITE

Join Our Community of Food People!

At US Foods®, innovation and technology are our superpower. By expanding our digital ecosystem and leading with a customer-first mindset, we’re delivering technology that empowers our customers and simplifies business. As we transform the digital landscape of the foodservice industry, we’re outpacing our competitors faster than ever before.

We believe diversity is the cornerstone of creativity and innovation—and we foster an open, inclusive, flexible work environment that supports our transformation.

The Lead Security Operations Analyst conducts, improves, and supplements the management of the day-to-day operations of US Foods’ security incident response program. This role provides advanced support over US Foods' 24x7x365 Tier 1 Security Operations Center (SOC), which is responsible for monitoring, investigating, and performing triage on the daily stream of security alerts gathered from US Foods' hybrid infrastructure. The Lead Security Analyst is responsible for responding to immediate security incidents escalated from the Tier 1 SOC, assessing business impact, and coordinating tactics for containing, mitigating, and eradicating them. The Lead Security Analyst receives, researches, analyzes, documents, and addresses all security incidents as they are received. This individual supports multiple security-related platforms and technologies, interfacing with others within the IT organization, as well as other internal business units and external customers/partners, to escalate or remediate security incidents. Events will be generated from endpoints, networks, security information and event management (SIEM) systems, threat intelligence platforms, employees, third parties and other sources. The role requires the highest technical competence and expertise on emerging threats and adversarial techniques, as well as the ability to quickly understand complex environments. The role rotates week-long 24x7 On-Call support with fellow team members. Additionally, the Security Operations Analyst participates in the maintenance of security tools (firewalls, secure web gateway service, EDR, etc.), firewall rules, SASE configuration, and certificate management best practices to prevent certificate-related outages.

Flexible Work Policy: The work for the Security Operations Analyst Lead position is fully (100%) remote anywhere in the United States except Hawaii or United States Territories. This position may have the potential to travel up to 20% dependent on business needs.

RESPONSIBILITIES
 
• As an active member of the team, respond to monitoring alerts, identify and analyze forensic evidence and Indicators of Compromise, and plan the response to security events while meeting SLAs.
• Participate in 24x7 On-Call rotations.
• Participate in incident response procedures, conduct investigations, execute threat containment and eradication tasks, coordinate recovery with IT groups, assess impact with business stakeholders and document incident details in CIRT reports.
• Develop and maintain SOC documentation, including monitoring dashboards, response playbooks, processes and procedures, and other supporting operational material; collect SOC performance metrics and generate incident reports.
• Liaise with other teams within US Foods’ Information and Cyber Security team, including Governance Risk and Compliance, Security Engineering, Identity and Access Management, and Application & Cloud Security, as well as business functions to facilitate incident response and recovery.
• Leverage automation and orchestration solutions to automate repetitive tasks.
• Collaborate with third party vendors including 24x7 monitoring and incident response managed services.
• Participate in postmortem exercises with a focus on continuous improvement to drive efficiencies.
• Stay current with and remain knowledgeable about new threats. Analyze attacker tactics, techniques, and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.
• Perform maintenance on security tools and platforms, including firewall policy changes, EDR/AV exceptions, Secure Web Gateway administration, and Microsoft 365 security management.
• Participate in threat modeling collaboration with other members of the security team.
• Aid in threat and vulnerability research across event data collected by systems.
• Investigate and document events to aid incident responders, managers and other SOC team members on security issues and the emergence of new threats.
• Partner with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
• Leverage knowledge in multiple security disciplines, such as Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, databases, wireless security and data networking, to provide effective incident response in a complex heterogeneous environment.
• Maintain working knowledge of advanced threat detection as the industry evolves.
• Add firewall rules and validate firewall rules.
• Orchestrate certificate management best practices to prevent certificate-related outages.
• Track the team's performance metrics and make recommendations for improvement and growth.
• Manage On-Call rotations.
• Track and report on the team's training performance against goals. Assess skills and make recommendations to ensure skills growth.
• Support leadership by providing input to key decision making.
• Actively promote a culture of continuous improvement. Identify and promote value stream improvements to positively impact SLA performance and efficiency.
• Ensure continuity of security operations management and maintain SLAs when the security operations senior manager is not available.

RELATIONSHIPS
• Internal: Enterprise Architecture, Technology Strategy, Technology Governance, Business Continuity and Technology Product Teams. Security Engineering, Security Architecture, Threat & Vulnerability Management, and Leaders across the Innovation and Technology Team.
• External: Technology vendors, including software and service providers; relevant managed security services; and professional services vendors.

WORK ENVIRONMENT
• This role has been segmented as "Remote", meaning the employee works remotely and can live anywhere in the continental US and Alaska. Travel as needed for business.
 
MINIMUM QUALIFICATIONS
• A minimum of 6 years of information security monitoring and response or related operations experience.
• Strong mentorship skills and demonstrated ability to teach and promote adoption of new skills and techniques.
• Metric oriented with a history of compiling reporting of team performance and providing leadership with insight and recommendations.
• Demonstrated success driving continuous improvement.
• Familiarity with threat hunting and adversary tactics and techniques (e.g., MITRE ATT&CK).
• Ability to read and understand system data including security event logs, system logs, application logs and device logs.
• Security configuration knowledge.
• Expert-level knowledge of collection and analysis methods in multiple tools utilized for data correlation.
• Experience working in a support or operations team in a 24x7x365 operational environment.
• Experience working with security information and event management (SIEM) systems, threat intelligence platforms, security automation and orchestration solutions, and other network and system monitoring tools. Microsoft 365 Defender preferred.
• Basic administration skills of SASE solutions/Zscaler.
• Expert-level knowledge in several skillsets such as networking and internet protocols, operating systems (*nix, Win), Active Directory, Cloud (SaaS and IaaS) and scripting (PowerShell, Python, *nix shells).
• Ability to learn new technologies and skills to stay abreast of evolving threats.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.


Education
• Degree from an accredited college/university or institute, OR equivalent professional experience, required.
Related Experience/Requirements:
• Analytics and problem-solving mindset that balances strategic and tactical thinking.
• Maintains composure and sound decision-making under high pressure conditions.
• Highly organized and efficient.
• Strong written and verbal skills enabling effective communication with different levels of leadership.
• Change management experience.
• Equally effective in individual and team settings as required.

Certifications/Training
• CEH, GCIH, GCFA, GCFE, CSIRT, CISSP, and/or CISM (preferred but not required)

Compensation depends on relevant experience and/or education, specific skills, function, geographic location, and other factors as applicable by law. The expected base rate for this role is between $85,000 - $140,000.

This role will also receive an annual incentive plan bonus.

Benefits for this role may include health insurance, pre-tax spending accounts, retirement benefits, paid time off, short-term and long-term disability, employee stock purchase plan, and life insurance. To review available benefits, please click here: https://www.usfoods.com/careers/benefits.html.

#LI-SK1

#Remote

***EOE Race/Color/Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Protected Veteran/Disability Status***

Required profile

Experience

Level of experience: Senior (5-10 years)
Industry: Food & Beverages
Spoken language(s): English

Other Skills

  • Organizational Skills
  • Verbal Communication Skills
  • Decision Making
  • Mentorship
  • Analytical Thinking
  • Problem Solving
