Sr IT Security Engineer – Cyber Threat and Vulnerability Job

  • US - MA - Westborough-Home Office
  • 4 days ago

Company Name: BJ's Wholesale Club, Inc.

Location: Westborough-Home Office, MA, US - 01581

Job Duration: 2021-06-10 to 2021-07-10


BJ’s Wholesale Club was the first retailer to introduce the warehouse club concept in the northeastern United States. Today, we’re a multibillion dollar operation with more than 200 clubs in 17 states from Maine to Florida.

While our Members know us for helping them save up to 25% off grocery prices every day, our Team Members  love us for providing a supportive and engaging workplace that’s committed to developing great talent.

If you’re a motivated and enthusiastic person who enjoys working collaboratively and is committed to providing great service for our Members, we want to hear from you. BJ’s offers a fast-paced, team environment with great training opportunities and competitive salary and benefits packages to help you  succeed.

Senior IT Security Engineer – Cyber Threat and Vulnerability 


*we will consider remote candidates for this opportunity


  Job Summary 

We are looking for a highly passionate, proactive and technical individual to join our Cyber Threat and Vulnerability Management Team.  This is a senior individual contributor role within the Threat Operations Team of BJS Information Security, responsible for delivering and optimizing vulnerability detection and threat response processes.   This is not a SOC role and does not entail shift work 


Major Tasks, Responsibilities, and Key Accountabilities 

Vulnerability Management 

  • Oversee the vulnerability management program, including scanning and analysis, working closely with peers in infrastructure and applications to ensure closed-loop remediation process and comprehensive consistent scanning 
  • Devise and track meaningful metrics and trends pertaining to the vulnerabilities and remediation efforts 
  • Drive continuous improvement and strategy in the vulnerability management process and technology ecosystem 
  • Lead, facilitate, and track monthly/ad-hoc meetings with numerous IT, security groups, and executives 
  • Ability to recommend customized assessment action plans when newly identified threats from either intelligence feeds, mainstream media, or internal logging occur 
  • Provide priorities and force ranked vulnerabilities to internal teams to ensure efficiencies and quickest remediation paths 
  • Ensure vulnerability intelligence is gathered and adjusted over time for high awareness of new threats 
  • Work with business areas, compliance, and audit for customized reporting 
  • Critical thinking and enhancing vulnerability severity scores by factoring in our Security Ecosystem, Architecture, and mitigating controls to result in residual risk ratings 
  • Incorporate vulnerability management into the overall Threat Operations and Security Function workflows  
  • General 
  • Assist with off-hours and on-call escalation as needed 
  • Create and manage technical documentation, policies, and procedures 
  • Maintain a strong awareness and understanding of the current threat landscape 
  • Research emerging security threats and potential impact 
  • Research emerging security tools to meet organizational needs 


  • Minimum 3 years hands-on technical experience delivering vulnerability management and threat response processes 
  • Bachelors Degree strongly preferred
  • Self-starter who can work independently in accordance with a strategic direction, while working as part of a small team. 
  • Ability to multi-task and adjust priorities in a dynamic evolving environment 
  • Possess a strong background in major operating systems and cloud platforms   
  • Experience with PCI and familiarity with other compliance regulations and security frameworks, including SOX, HIPAA, NIST, and MITRE 
  • Ability to communicate effectively with others using spoken and written English 
  • Experience with IDS, IPS, Sand-boxing technologies, email security, URL filtering, and Endpoint security controls preferred 

Previous hands-on experience with any of the following highly desired: Tenable, IBM QRADAR, Proofpoint, Crowdstrike EDR, Netskope, Metasploit, and Tripwire 

BJ’s Wholesale Club is committed to a policy of equal employment opportunity for all qualified team members and applicants for employment without regard to race, religion, color, sex, sexual orientation, age, ancestry, national origin, physical and/or mental disability, genetic information, atypical cellular or blood trait, marital and/or familial status, pregnancy, gender identity and expression, military or veteran status, or any other characteristics protected by applicable law.