Job Description

About Us

Join us at WinCo Foods, where we're more than just a grocery retailer - we're a growing family of over 140 supermarkets in 10 states with over 22,000 employee owners. Our purpose is to make the lives of our customers and employee owners better by offering the lowest possible prices to feed their families. Currently, WinCo is the second largest Employee-Owned company in the United States. With more than 500 millionaire employee-owners in our Employee Stock Ownership Plan (ESOP). Our benefits, including top-tier medical plans and tuition support set us apart. In your role, you'll be instrumental in making a real impact in the communities we serve, embodying our purpose every day.

The Cloud Security Engineer is a technical leader responsible for designing, implementing, and continuously enhancing the security of our cloud infrastructure and SaaS ecosystem. This role collaborates with IT and business teams to embed security across cloud and SaaS deployments, proactively identifying risks, and driving strategic security improvements. The ideal candidate has deep knowledge of cloud and SaaS security, strong security engineering expertise, and leadership capabilities for complex cross-domain projects.

Typical Duties and Responsibilities

Cloud Security

• Lead the security design and implementation of cloud architectures (AWS, Azure, and/or GCP)
• Develop and maintain cloud security strategies, standards, and reference architectures
• Review and approve cloud deployment designs to ensure compliance with security best practices
• Evaluate and recommend emerging cloud security technologies and improvements
• Implement and manage Cloud Security Posture Management (CSPM), and other cloud security solutions, to monitor cloud configurations and prevent/detect malicious behavior.
• Align controls with applicable compliance frameworks (CIS, NIST, SOC 2, ISO 27001, etc.)

SaaS Security

• Define and maintain SaaS security standards and reference architectures, integrated with overall security posture
• Implement and manage SaaS Security Posture Management (SSPM) solution to continuously monitor and enforce secure configurations
• Ensure strong identity and access management (IAM) for SaaS — enforce SSO, MFA, provisioning and deprovisioning workflows
• Provide standards and guidelines for securing SaaS integrations and third-party connections.

Secure Configuration, Governance and Compliance

• Lead cloud and SaaS security assessments, configuration audits, and remediation planning when misconfigurations or drift are detected
• Monitor cloud infrastructure and SaaS platforms for suspicious activity, risky configuration changes, unauthorized access, and abnormal user behavior
• Develop and maintain cloud and SaaS detections, alerts, and incident response workflows
• Perform investigations of cloud and SaaS related threats or incidents; conduct root-cause analysis and implement preventative measures to prevent recurrence
• Identify, evaluate, and prioritize risks across cloud and SaaS environments — covering vulnerabilities, misconfigurations, and penetration test or audit findings.
• Collaborate with business and IT stakeholders to define mitigation strategies and risk treatment plans
• Perform other duties as assigned or needed.

Required Education/Experience/Skills

• Bachelors in a technology related discipline or demonstrated equivalent experience.
• At least 6 years Cloud Security, Cyber Security or Cloud Engineering experience.
• Applying knowledge of a variety of information security tools and concepts.
• Design and Engineering of Endpoint Security, Identity Management, or other security related concepts.
• Applying proficiency in 2 or more of the following (or similar): Cloud/SaaS Security, SIEM, EDR, Web Security, Firewall, Email Security, NDR, Password Management, Privileged Access Management, PCI Compliance, Identity Management, GRC, Vulnerability Management, Single Sign On, MFA, BCP, DR.
• Exhibiting strong analytical and problem-solving skills with keen attention to detail.
• Be on-call to trouble-shoot emergencies and respond to security incidents.
• Implementing and managing security tools or best practices for server, endpoint, cloud, network or other systems.
• Displaying thought leadership to solve for complex security problems.

Preferred Qualifications

• Retail grocery experience
• Cloud security certifications
• Vendor certifications in cloud or SaaS security solutions
• Security+
• CISSP

The above statements are intended to describe the general nature of work performed by the employee assigned to this job. All employees must comply with Company policies and applicable laws. The responsibilities, duties, and qualifications required of personnel may vary. #Indeed

EEO/Inclusivity

Applicants must be authorized to work for any employer in the U.S. on a full-time basis. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

As WinCo Foods continues to grow, our diversity—from our variety of perspectives and wide range of experiences—is essential to our strategy and success. We are committed to continue to cultivate and celebrate an inclusive environment in which all employees are valued and respected regardless of their race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.