Senior Security Engineer

SPS Commerce is hiring a Senior Security Engineer to ensure our development, infrastructure, and business practices have security defined, integrated, and implemented according to the SPS security incident monitoring program, and threat and vulnerability management best practices. You will work closely with cross-functional teams to ensure the effectiveness of our security tools and technologies. The ideal candidate will possess experience in information security, a strong understanding of various security tools, and proficiency in scripting and automation.

Based in our office in downtown Minneapolis, our hybrid work model provides the best of both worlds.  We #succeedtogether through in person collaboration, balanced with remote work to provide flexibility.  Our team is typically in the office 1 day per week.

Why join SPS?

We solve retail supply chain problems by cutting through inefficiency with innovation and automation. At SPS we empower retailers, suppliers, distributors, grocers, and logistics partners to work better together with our people, our process, and our tech products. We have the world’s largest retail network, and we don’t just lead the industry, we are the industry.

At SPS, we believe every employee makes a difference. We ensure employees have the tools, resources, and training to explore new ideas and execute them. Our success comes from playing as a team and always playing to win. Careers don’t just grow here, they’re made here.

What is the day-to-day like?

In this role you will have primarily responsibility as our security tools engineer.  You will maintain all of our security platforms, keeping them up and running and ensuring the operate as intended.  Your responsibility will be day-to-day management of the tools, keeping them efficient and identifying gaps so the team can work on driving improvements. 

• Design, deploy, and maintain security tools such as CrowdStrike and Rapid7 to enhance the organization's security posture.
• Configure and manage SIEM (Security Information and Event Management) systems to monitor, detect, and respond to security incidents effectively.
• Collaborate with internal teams to identify security requirements and implement solutions that meet business needs while adhering to industry best practices.
• Develop and maintain custom scripts and automation tools, particularly using Python, to streamline security processes and enhance efficiency.
• Conduct regular assessments of security tools and technologies to ensure they remain effective and aligned with evolving security threats.
• Provide technical expertise and support to troubleshoot security tool-related issues and address vulnerabilities in a timely manner.
• Stay updated on emerging security trends, vulnerabilities, and threat actors to proactively enhance the organization's security defenses.
• Devise reasonable, risk-based security controls to monitor and protect SPS and align with our business objectives.
• Guide daily security operations functions like (but not limited to): vulnerability scanning, threat monitoring, code scanning, etc.
• Help implement the security program strategic plan that improves program maturity and compliance.
• Create or write automation to orchestrate security-related processes – leveraging COTS and custom code.
• Perform security testing (incorporating methodologies like pen testing, red-teaming, SAST, DAST, etc.) of infrastructure and applications as needed.
• Effectively communicate results of security program findings to a broad and diverse set of stakeholders across the company
• Participate in development and evaluation of security toolsets to develop SecOps capability.
• Support and/or lead periodic internal and external security assessments, third-party assessments and due diligence initiatives.
• Develop, manage, and consult on the technical architecture for enterprise security controls.
• Partner with business and technology operations groups to maintain the security threat monitoring infrastructure and tools (perimeter controls, intrusion detection / protection devices, vulnerability scanning tools, security event correlation tools, content surveillance and filtering devices).

What experience and skills do you need?

• 5 years of experience with bachelor’s degree in related business or technical areas; or 8 years of experience without a degree.
• Equivalent work experiences include security engineering/architecture experience and designing and implementing standards, specifications, and procedures.
• Experience in providing technical security guidance to technical and non-technical audiences.
• Experience with compliance standards from SOC 2, SOX, ISO-27001, HIPAA, and PCI-DSS
• Working knowledge of development operations practices – accountable for driving the integration of security into development operations and existing continuous delivery / continuous improvement business processes
• Strong proficiency in security tools such as CrowdStrike and Rapid7
• Experience with SIEM platforms, including configuration, management, and customization.
• Proficiency in scripting and automation, with a focus on Python.
• Familiarity with CI/CD pipelines and integration of security tools into the development lifecycle.
• Excellent problem-solving skills and the ability to troubleshoot complex technical issues.
• Strong communication skills and the ability to collaborate effectively with cross-functional teams.

What experience is preferred?

• System configuration and architecture experience
• Strong knowledge of industry accepted information security best practices, standards, and policies such as NIST CSF, OWASP, CIS, STIG, MITRE ATT@CK, etc.
• Proven ability to manage information security service and operation through effective management of resources.
• Demonstrated experience and understanding of business security and compliance requirements and ability to translate into well-engineered & integrated business solutions.
• Demonstrated ability to take initiative and accountability for achieving results.
• Driven to understand & appropriately respond to customers' business needs.
• Certifications & Licenses: One or more industry certification - CISSP, CISM, CISA, CCFE, GIAC, CCIE, CCSP, ABCP, MBCP, ISA, PCIP, CEH
• Actively participates and contributes to the security community.

SPS Commerce offers a comprehensive package of benefits including health, dental, vision, disability, and life insurance, paid time-off, 401(k), health and flexible spending accounts, stock purchase plan and more.

** EOE including disability / veteran **