This site uses cookies. To find out more, see our Cookies Policy

System Security Engineer II in Roanoke, VA at Advance Auto Parts

Date Posted: 3/28/2019

Career Snapshot

  • Employee Type:
  • Location:
    Roanoke, VA
  • Career Type:
  • Experience:
    Not Specified
  • Date Posted:

Career Description

Job Description

Infrastructure Security Engineering establishes and maintains an effective security posture across the Advance Auto enterprise. ISE works to maintain network and system security and resiliance through the implementation of hardware, software, and security best practices.  ISE is responsible for the AAP's infrastructure security architecture, engineering and operations.

We are currently seeking for a System Security Engineer II. This a mid-level IT position directly supporting the enterprise environment in all day to day activities.  This role is an individual contributor who will work closely both within a team environment and individually to achieve specific goals.  The successful candidate will be able to work well within a team, collaborate directly with other IT and business departments, and handle several different projects at the same time.


  • Able to diagnose and troubleshoot Host Security Infrastructure issues (Windows and Linux OS, Host Firewall, Host IDS/IPS, Anti-Virus/Anti-Malware, Application Security White-Listing, Disk Encryption, Web Proxy, Network IDSIPS) quickly and efficiently.
  • Request and ticket queue oversight, daily.  Hold weekly meetings with team to solicit questions and recommend actions and solutions to move forward.  Including developing reports to immediate leadership team, explaining trends and status of tickets in queue.
  • Regular network service and infrastructure lifecycle maintenance planning and activities.
  • Communication for incident manager or problem manager for major incidents, including drafting and submitting IT Incident Reports.
  • Configuration and management of Host Firewall, Host IDS/IPS, Anti-Virus/Anti-Malware, Disk Encryption, Web Proxy, Network IDS/IPS policies and services.
  • Escalation of requests or tickets that are not resolved within existing processes.
  • Taking ownership of any P1 ticket with no immediate resolution defined.
  • Regular check-in on P1 and P2 priority tickets.  Comfortable with recognizing and reprioritizing up or down based on defined prioritization guidelines.
  • Ongoing support process development and improvement.
  • Engagement with vendors for system operation, detailed design, and best practices evaluation regarding project initiatives and escalated incidents or problems.

Position Requirements:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Bachelor’s degree in Computer Science, Engineering or related field.
  • Minimum 3 years (5-7 years desired) of experience hands on experience with LAN and WAN architectures and technologies.
  • A solid understanding of Windows Operating System and Active Directory services, RedHat Linux Operating System, McAfee Host IPS and Firewall services, McAfee VirusScan Enterprise services, McAfee Application Control services, McAfee Endpoint Encryption, IBM ISS IDS, McAfee Enterprise Security Manager, McAfee Intrushield, Access Control Lists and industry best practices.
  • Proficient in the configuration, implementation and troubleshooting of Windows and Linux OS, McAfee Host Firewall, McAfee Host IDS/IPS, McAfee Anti-Virus/Anti-Malware, McAfee Application Security White-Listing, McAfee E-Policy Orchestrator and McAfee Network IPS.
  • Understanding of Firewall, VPN, NAC, Radius/AAA and IDS/IPS solutions.
  • Firm understanding of operation of network firewalls and IPS systems, where they are positioned, and impact they could have on communication between areas of the network.  Able to use event management tools to research and identify complex connectivity scenarios, as well as impact on connectivity due to network firewall or IPS systems.
  • Is part of the on call rotation and able to work primarily through most issues unassisted.
  • Ability to understand Layered Security architecture, Security Zone architecture, Enterprise Application Platform architectures, and Stateful Traffic Flow.
  • Ability to use industry standard tools and learn AAP specific tools to understand and diagnose issues with AAP security systems.
  • The ability to understand IPv4 networks and subnet masks and calculate CIDR boundaries.
  • Able to identify and document the root cause of issues and outages, as well as recommended after-action changes to prevent further recurrences.
  • Able to open a support case and work with vendor support groups to resolve open issues.
  • Familiar with different desktop operating systems and the correct tools for an IT professional.
  • Strong communication skills.
  • Strong interpersonal and collaboration skills.
  • Comfortable with GUI interfaces as well as a CLI interface.
  • Ability to effectively use system monitoring tools to isolate and diagnose problems proactively.
  • Can work independently on many projects or tasks.
  • Maintains awareness of evolving network and security technologies, including training or self-education in relevant fields.