Job Description

Company Description

Pilot Company is the 10th largest privately held company in North America with more than 28,000 team members. As the industry-leading network of travel centers, we have more than 950 retail and fueling locations in 44 states and six Canadian provinces. Our energy and logistics division is a top supplier of fuel, employing one of the largest tanker fleets and providing critical services to oil operations in our nation's busiest basins. Pilot Company supports a growing portfolio of brands with expertise in supply chain and retail operations, logistics and transportation, technology and digital innovation, construction, maintenance, human resources, finance, sales and marketing.

 

Founded in 1958, we are proud to be family owned and consider our team members to be part of the family. Our founding values, people-first culture and commitment to giving back remains true to us today. Whether we are serving guests, a fellow team member, or a trucking company, we are dedicated fueling people and keeping North America moving.

 

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Job Description

The purpose of this job is to maintain and monitor application security systems and procedures to safeguard the company’s information systems, networks and databases and to ensure compliance with security standards.

1. Support application risk assessments in collaboration with other team members
2. Conduct code reviews, including interpretation of the results of SAST and DAST scans, and share issues with team for remediation
3. Assist in investigating network intrusion protection systems (NIPS), host intrusion protection systems (HIPS), and perimeter security alerts in collaboration with senior team members
4. Perform initial investigation and follow up on incident reports with senior team members
5. Respond to security and malware protection alerts and security-related incidents under supervision of senior team members
6. Analyze and investigate output from various security devices and share information about issues with the security team
7. Apply established and ad hoc processes and techniques to identify, validate, prioritize, and track security risks under supervision of senior team members
8. Review, triage, and prioritize control output
9. Promote information security policies, standards, guidelines, and procedures
10. Perform application security reviews and penetration testing under supervision of senior team members
11. Communicate security weaknesses, exploits, and vulnerabilities to the business and technical teams using both technical and non-technical terms
12. Maintain own knowledge by researching and mastering new concepts, technologies, and solutions toward ongoing tasks and deliverables
13. Model behaviors that support the company’s common purpose; ensure guests and team members are supported at the highest level
14. Ensure all activities are in compliance with rules, regulations, policies, and procedures
15. Complete other duties as assigned

Qualifications

* Bachelor’s degree in computer science, information systems or related field, or equivalent work experience required
* Minimum one year’s experience in information or application security required
* GSEC, GISF, or Security+ Certification preferred
* Minimum one year’s experience using one or more programming and scripting languages, i.e., HTML5, Java, Python, Ruby, Perl, Bash, PowerShell
* Intermediate Microsoft Office skills required; advanced skills preferred
* Knowledge of key aspects of combined application and network penetration, AppSec, wireless security, and vulnerability management
* Knowledge of security controls such as Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), International Organization for Standard-ization (ISO), National Institute of Standards and Technology (NIST)
* Knowledge of security attack methodologies, tools, and processes
* Up-to-date knowledge of security threats and defenses against threats
* Knowledge of penetration tools (e.g., Kali, Burp Suite, Qualys Guard, Cenzic, Metasploit, OWASP ZED, sqlmap, nosqlmap, WPScan, Nessus, NMAP)
* Familiarity with Cloud technology (e.g., AWS platform and services, Google Big Query/GCE/GCS)
* Strong written and verbal communication skills
* Ability to develop effective working relationships
* Strong organizational skills with ability to handle competing priorities and plan accordingly to meet deadlines
* Ability to maintain focus and rapidly develop new skill proficiency
* Ability to work under pressure in a fast-paced, dynamic environment with limited supervision, both individually and with a team
* Results-focused and a strong problem solver
* Desire to research and master new concepts and technologies

Additional Information
All your information will be kept confidential according to EEO guidelines.

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online