US Foods Lead Security Analyst in Rosemont, Illinois

Job Description:

Basic Purpose:

The Lead IT Security Analyst will be responsible for vulnerability assessment; vulnerability management; enforcing security standards; security of custom applications; and complying with the requirements of external security audits and recommendations across the enterprise.



  • Collects, analyzes, validates, and prioritizes enterprise vulnerabilities identified by scanning devices, penetration testing, vulnerability scanning tools, and application security code scans;
  • Drives remediation, mitigation, and/or acceptance of risk for identified vulnerabilities;
  • Works with infrastructure, application, and security teams to address identified vulnerabilities;
  • Makes recommendations to resolve vulnerabilities based on security best practice relative to cost, impact, and risk level;
  • Works with application teams to ensure a secure application architecture and that secure development standards are being followed;
  • Performs analysis of security tool needs; contributes to design, integration, and installation of hardware / software;
  • Monitors security system logs (e.g., intrusion detection system and firewall system logs) and reports on discovered anomalies or problems (e.g., insufficient disk space or inappropriate access patterns);
  • Assists with security assessments for potential business partners;
  • Keeps fully abreast of trends and changing technologies related to information security fields;
  • Conducts violation / vulnerability report review; coordinates IT risk mitigation;
  • Investigates IT security violations, known vulnerabilities, and data breaches;
  • Performs vulnerability assessments; conducts compliance activities in response to internal and external audits;
  • Performs security research & vendor evaluations at the direction of the ITRM Security Architect; assists with testing and implementation of security solutions;
  • Maintains / enforces security policies and standards;
  • Acts as interface with and liaison to business and IT application owners; ensures applications, infrastructure components, and access are appropriately assessed;
  • Assists IT Security Architect with IT security reviews and signoffs for new systems development projects;
  • Executes security incident response procedures in accordance with threat levels;
  • Monitors the schedules for upgrading, repairing, modifying, or replacing IT security systems, devices, and applications; monitors eCommerce-related processes and equipment;
  • Communicates effectively (both written and verbal);
  • Learns new tools and technologies quickly;
  • Manages multiple priorities and follows a project plan to meet project deliverables;
  • Assists with firewall rule changes and exceptions;
  • Assists in managing the web content filtering solution: adjusting user roles and updating white list URLs and black list URLs;
  • Assists in managing SSL certificates; signs certificates with our public CA providers as well as the internal CA.

EOE Race/Color/Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Protected Veteran/Disability Status



Required Qualifications:

  • 5 years of experience in information technology;
  • Recent direct experience working within an information security function;

Direct experience managing one or more of the following:

  • Vulnerability management (e.g., Qualys);
  • Application Security;
  • Firewalls;
  • Identity and Access Management;
  • Single Sign-on;
  • SSL & PKI;
  • Active Directory;
  • Oracle security products;
  • F5;
  • Fortinet NGFW a plus.

Preferred Qualifications:

  • Bachelor's Degree;
  • CISSP certification;
  • Experience working in an organization that provided exposure across multiple IT functional areas (e.g., infrastructure, networking, security, data management, and application development).

Primary Location: Rosemont-IL

Schedule: Full-time

Shift: Day Job

Job Function: Systems Admin/Security

Job Level: Individual Contributor

Travel: Yes, 20% of the time