Vacatures zoeken

Security Analyst I

Vallarta Supermarkets • Los Angeles, CA, US • 2d geleden

Security Analyst I (Onsite)

Location: Los Angeles, CA

Department: Analytics / Operations

Reports To: Infrastructure Manager

About Vallarta Supermarkets

Vallarta Supermarkets is a proud family-founded grocery chain rooted in authentic Mexican heritage and vibrant Latin culture. What began as a single neighborhood market has grown into one of the fastest-growing supermarket chains in California, bringing fresh foods, traditional flavors, and warm hospitality to the communities we serve. As we continue our rapid expansion, we remain committed to celebrating culture, creating opportunity, and treating every customer and

team member like family.

Vallarta Supermarkets is seeking a hands‑on IT Security Analyst to help protect and strengthen the security of our enterprise IT environment, spanning corporate offices, retail locations, and supporting infrastructure. This role is embedded within IT Operations and works closely with infrastructure and systems teams to detect, respond to, and prevent security threats affecting business‑critical systems.

The ideal candidate will bring strong technical expertise, sound judgment under pressure, and a passion for protecting systems, sensitive data, and users from evolving cyber risks. This role plays a critical part in safeguarding business continuity across our retail operations.

Base Salary: $110,000 – $120,000/year

The Security Analyst will play a key role in:

Monitoring and responding to security incidents
Managing and optimizing tools such as SIEM and XDR solutions
Improving visibility across enterprise environments
Maintaining and enhancing security controls
Identifying and closing security gaps

This position requires initiative, strong technical judgment, attention to detail, and ownership of both investigations and security tooling, along with consistent follow-through and high-quality documentation practices.

Key Responsibilities

Monitor, analyze, and respond to security alerts and events across endpoint, network, identity, and infrastructure security controls.
Investigate suspected security incidents, determine scope and impact, perform root‑cause analysis, and coordinate remediation activities with IT and infrastructure teams.
Own the documentation of incidents, investigations, findings, and remediation actions, ensuring records are accurate, complete, and suitable for operational review and audit purposes.
Assist with the evaluation, deployment, configuration, and ongoing operation of security monitoring, logging, and detection capabilities to improve visibility across on‑premises and cloud‑connected systems.
Perform proactive threat‑hunting and security reviews to identify suspicious behavior, misconfigurations, or control gaps within Windows systems, directory services, endpoints, networks, and virtualization platforms.
Conduct vulnerability assessments, track remediation efforts, and verify the effectiveness of corrective actions.
Configure, maintain, and tune security technologies such as firewalls, endpoint protection, network detection tools, and email or messaging security controls.
Support identity and access management processes, including access reviews, privilege management, and secure account lifecycle practices.
Participate in system hardening, patch management, and baseline security improvement initiatives in coordination with infrastructure operations.
Contribute to the development, maintenance, and improvement of security policies, standards, procedures, and operational runbooks.
Support audits and compliance initiatives (e.g., ISO 27001, NIST, SOC 2, PCI-DSS).
Participate in security awareness training and phishing simulation campaigns.
Support security awareness initiatives and provide guidance to IT staff and employees on secure technology usage and incident reporting.
Participate in security incident response activities outside of normal business hours as needed to support timely investigation and containment of security events.

Qualifications

2-4 years of hands‑on experience in IT security, infrastructure operations, or a closely related technical role.
Solid understanding of Windows operating systems, directory services, networking fundamentals, and common enterprise attack techniques.
Experience investigating security incidents or operational issues and following them through to resolution.
Familiarity with endpoint, network, identity, and infrastructure security controls in an enterprise environment.
Demonstrated ability to analyze information from multiple data sources and make sound decisions under time pressure.
Proven habit of producing clear, accurate technical documentation and maintaining investigation or change records as part of daily work.
Strong written and verbal communication skills, with the ability to explain technical findings to both technical and non‑technical audiences.

Preferred Qualifications

Experience deploying, configuring, managing and operating SIEM, XDR and similar IT security tools and solutions.
Exposure to vulnerability management, system hardening, or baseline security frameworks.
Scripting or automation experience (e.g., PowerShell or similar) to support investigation, data collection, or operational efficiency.
Familiarity with retail, distributed, or multi‑site IT environments.
Industry certifications such as Security+, CySA+, GSEC, or equivalent practical experience.

Key Competencies

Strong sense of ownership and accountability for assigned security investigations and improvement initiatives.
Attention to detail and commitment to accuracy in both technical work and documentation.
Ability to work effectively in environments with competing priorities and limited structure.
Willingness to accept feedback, adjust approaches, and continuously improve technical and operational practices.
Collaborative mindset when working with infrastructure, operations, and leadership teams.

Communication & Interpersonal Effectiveness

The Security Analyst must effectively communicate complex security concepts, risks, and mitigation strategies to diverse audiences, including corporate leadership, retail operations teams, store personnel, IT staff, vendors, and external partners.

This includes the ability to:

Translate technical findings into clear, actionable business language
Communicate risks, incidents, and remediation steps to non-technical stakeholders
Prepare reports, incident documentation, and executive summaries
Deliver presentations, training sessions, and awareness briefings
Collaborate cross-functionally with Loss Prevention, Facilities, HR, Legal, Operations, and leadership teams
Engage professionally with individuals from diverse cultural and professional backgrounds
Produce clear, structured documentation that supports operational review and audit readiness

Physical Demands & Work Environment (California Compliant)

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position, in accordance with applicable California and federal law.

While performing the duties of this job, the employee is regularly required to:

Sit, stand, and walk for extended periods of time
Move between corporate offices, retail locations, data centers, and security areas
Bend, kneel, crouch, stoop, and reach to access network closets, POS systems, IDF/MDF rooms, security hardware, and under-desk or ceiling-mounted equipment
Climb stairs and occasionally use step stools or ladders to access equipment
Use hands and fingers to handle, install, configure, and secure technical devices and cabling
Lift and/or move equipment weighing up to 40 pounds unassisted and up to 75 pounds with assistance
Carry laptops, diagnostic equipment, security appliances, monitors, and related peripherals between locations

Work Environment Conditions

The role may involve working in:

Corporate office settings
Retail store floors during operational hours
Stockrooms, back-of-house areas, and equipment closets
Data centers or telecommunications rooms

Work conditions may include:

Exposure to cords, cables, and equipment creating potential trip, slip, and fall hazards
Limited-space or confined technical areas
Moderate noise levels in retail or server environments
Occasional after-hours or emergency response work during cybersecurity incidents
Travel between retail locations within the region
Employees are expected to comply with all workplace safety, information security, and corporate policies and procedures.

Communication & Interpersonal Effectiveness

The Cybersecurity Security Analyst must effectively communicate complex security concepts, risks, and mitigation strategies to diverse populations, including corporate leadership, retail operations teams, store personnel, IT staff, third-party vendors, and external partners.

This includes the ability to:

Translate technical cybersecurity findings into clear, actionable business language
Communicate security risks, incidents, and remediation steps to non-technical audiences
Prepare written reports, incident documentation, and executive summaries
Deliver presentations, training sessions, and awareness briefings (in person and virtual)
Collaborate cross-functionally with Loss Prevention, Facilities, HR, Legal, Operations, and executive leadership
Engage respectfully and professionally with individuals from diverse cultural, educational, and professional backgrounds
Produce clear written documentation, investigation summaries, and technical records that can be reviewed and understood by others.

The successful candidate will demonstrate cultural competency, discretion, professionalism, and the ability to communicate effectively during high-pressure or incident response situations.