Job Listings

SPS Commerce is hiring a Senior Security Engineer to ensure our development, infrastructure, and business practices have security defined, integrated, and implemented according to the SPS security incident monitoring program, and threat and vulnerability management best practices. You will work closely with cross-functional teams to ensure the effectiveness of our security tools and technologies. The ideal candidate will possess experience in information security, a strong understanding of various security tools, and proficiency in scripting and automation.   Based in our office in downtown Minneapolis, our hybrid work model provides the best of both worlds.  We #succeedtogether through in person collaboration, balanced with remote work to provide flexibility.  Our team is typically in the office 1 day per week.   Why join SPS?   We solve retail supply chain problems by cutting through inefficiency with innovation and automation. At SPS we empower retailers, suppliers, distributors, grocers, and logistics partners to work better together with our people, our process, and our tech products. We have the world’s largest retail network, and we don’t just lead the industry, we are the industry.   At SPS, we believe every employee makes a difference. We ensure employees have the tools, resources, and training to explore new ideas and execute them. Our success comes from playing as a team and always playing to win. Careers don’t just grow here, they’re made here.   What is the day-to-day like? In this role you will have primarily responsibility as our security tools engineer.  You will maintain all of our security platforms, keeping them up and running and ensuring the operate as intended.  Your responsibility will be day-to-day management of the tools, keeping them efficient and identifying gaps so the team can work on driving improvements.  - Design, deploy, and maintain security tools such as CrowdStrike and Rapid7 to enhance the organization's security posture. - Configure and manage SIEM (Security Information and Event Management) systems to monitor, detect, and respond to security incidents effectively. - Collaborate with internal teams to identify security requirements and implement solutions that meet business needs while adhering to industry best practices. - Develop and maintain custom scripts and automation tools, particularly using Python, to streamline security processes and enhance efficiency. - Conduct regular assessments of security tools and technologies to ensure they remain effective and aligned with evolving security threats. - Provide technical expertise and support to troubleshoot security tool-related issues and address vulnerabilities in a timely manner. - Stay updated on emerging security trends, vulnerabilities, and threat actors to proactively enhance the organization's security defenses. - Devise reasonable, risk-based security controls to monitor and protect SPS and align with our business objectives. - Guide daily security operations functions like (but not limited to): vulnerability scanning, threat monitoring, code scanning, etc. - Help implement the security program strategic plan that improves program maturity and compliance. - Create or write automation to orchestrate security-related processes – leveraging COTS and custom code. - Perform security testing (incorporating methodologies like pen testing, red-teaming, SAST, DAST, etc.) of infrastructure and applications as needed. - Effectively communicate results of security program findings to a broad and diverse set of stakeholders across the company - Participate in development and evaluation of security toolsets to develop SecOps capability. - Support and/or lead periodic internal and external security assessments, third-party assessments and due diligence initiatives. - Develop, manage, and consult on the technical architecture for enterprise security controls. - Partner with business and technology operations groups to maintain the security threat monitoring infrastructure and tools (perimeter controls, intrusion detection / protection devices, vulnerability scanning tools, security event correlation tools, content surveillance and filtering devices). What experience and skills do you need? - 5 years of experience with bachelor’s degree in related business or technical areas; or 8 years of experience without a degree. - Equivalent work experiences include security engineering/architecture experience and designing and implementing standards, specifications, and procedures. - Experience in providing technical security guidance to technical and non-technical audiences. - Experience with compliance standards from SOC 2, SOX, ISO-27001, HIPAA, and PCI-DSS - Working knowledge of development operations practices – accountable for driving the integration of security into development operations and existing continuous delivery / continuous improvement business processes - Strong proficiency in security tools such as CrowdStrike and Rapid7 - Experience with SIEM platforms, including configuration, management, and customization. - Proficiency in scripting and automation, with a focus on Python. - Familiarity with CI/CD pipelines and integration of security tools into the development lifecycle. - Excellent problem-solving skills and the ability to troubleshoot complex technical issues. - Strong communication skills and the ability to collaborate effectively with cross-functional teams. What experience is preferred? - System configuration and architecture experience - Strong knowledge of industry accepted information security best practices, standards, and policies such as NIST CSF, OWASP, CIS, STIG, MITRE ATT@CK, etc. - Proven ability to manage information security service and operation through effective management of resources. - Demonstrated experience and understanding of business security and compliance requirements and ability to translate into well-engineered & integrated business solutions. - Demonstrated ability to take initiative and accountability for achieving results. - Driven to understand & appropriately respond to customers' business needs. - Certifications & Licenses: One or more industry certification - CISSP, CISM, CISA, CCFE, GIAC, CCIE, CCSP, ABCP, MBCP, ISA, PCIP, CEH - Actively participates and contributes to the security community. SPS Commerce offers a comprehensive package of benefits including health, dental, vision, disability, and life insurance, paid time-off, 401(k), health and flexible spending accounts, stock purchase plan and more.   ** EOE including disability / veteran **  

The Associate Security Analyst II will maintain the confidentiality, integrity and availability of sensitive Company information. The position may also be assigned responsibilities within a diverse set of security subject areas, such as: HIPAA and/or Sarbanes-Oxley (SOX) compliance, SOC2 and SOC1, ISO 27001, risk management including risk methodology and third-party vendor assessments, business resiliency preparedness, PII data protection, privacy, security awareness, and identity and access management. The Associate Security Analyst II will frequently collaborate with others, work independently with limited direction, or in large groups, and communicate facts and results to peers, leaders, and management. This role will leverage knowledge of security standards, processes, procedures and solutions and support security functions.     Does this sound like you? - You have a process improvement mindset and take pleasure in seeing how your contribution impacts the goals of the organization. - You are a self-starter who proactively identifies risks and have the tenacity to see remediation through completion. - You like working in a fast-paced and technology adept environment on a team that values positivity and collaboration. - You are a life long learner who enjoys rolling up their sleeves and solving problems.   Why join SPS?   We solve retail supply chain problems by cutting through inefficiency with innovation and automation. At SPS we empower retailers, suppliers, distributors, grocers, and logistics partners to work better together with our people, our process, and our tech products. We have the world’s largest retail network, and we don’t just lead the industry, we are the industry. At SPS, we believe every employee makes a difference. We ensure employees have the tools, resources, and training to explore new ideas and execute them. Our success comes from playing as a team and always playing to win. Careers don’t just grow here, they’re made here.   What is the day-to-day like?   - Collaborate with stakeholders across the organization to understand processes, procedures, applications, and technologies - Identify opportunities for alignment and continuous improvement in support of company and security objectives - Work directly with internal and external stakeholders to effectively communicate information on SPS security controls - Contribute to application and technology compliance with corporate and regulatory policies/standards & industry best practices - Leverage security standards, processes, procedures and solutions to build and mature security controls - Participate in project work; perform security specific project tasks; lead work streams - Coordinate the activities of others within nature and scope of IT Security   What experience and skills do you need? - Bachelor’s degree in related business or technical area, or an equivalency of education and work experience - Strong communication and time management skills, ability to learn quickly - Experience identifying problems and resolving them - Familiarity and use of assessment tools, risk management tools and methods   Nice to haves? - Prior participation in or responsibility for audits and assessments - Experience with some common security frameworks such as ISO 27001, SOC 1 & 2, NIST CSF, CIS, HITRUST, NIST 800-53/171, CMMC, PCI, etc. - Experience working with vendors, auditors, assessors, 3rd party partners, affiliate and subsidiary organizations - Experience working with technology and software; strong business acumen - Network, system or application design, implementation or support - System administration with experience across multiple platforms and applications   SPS Commerce offers a comprehensive package of benefits including health, dental, vision, disability, and life insurance, paid time-off, 401(k), health and flexible spending accounts, stock purchase plan and more.   ** EOE including disability / veteran **