IT SECURITY ENGINEER SR Job Listing at Dollar General in Goodlettsville, TN (Job ID 2025-341085)

Description

Company Overview:

The Senior Security Engineer is responsible for designing and leading advanced security solutions to safeguard Dollar General's digital infrastructure, with a focus on cloud, network, and system security in a dynamic retail environment. This role drives layered security integration, mentors junior team members, and utilizes tools such as Palo Alto Networks, Splunk, and F5 ASM to address complex security risk. The ideal candidate brings a balance of technical depth, critical thinking, and pragmatism to strengthen Dollar General's overall security posture.

Duties & Responsibilities: What major responsibilities does this position have and what percentage of time is spent on completing them? (Typically 5 – 7)

• Design and implement security architectures across on-premises and cloud environments (Google GCP, Azure) utilizing tools such as Palo Alto firewalls, F5 ASM, and Akamai App & API Protector.
• Promote modern security fundamentals by embedding security into CI/CD pipelines using Terraform and championing secure design practices for applications and APIs.
• Perform advanced risk analysis and vulnerability management, leveraging tools such as ExtraHop RevealX, Palo Alto Cortex XDR, and Sysdig Secure to identify and mitigate threats.
• Manage and respond to security incidents and perform forensic analysis using Splunk and Proofpoint Email Security while leveraging CyberArk for privileged access control.
• Develop and enforce security policies related to network security (Palo Alto, Fortinet), DNS (Akamai), and identity management (Clearpass), with emphasis on PKI and conditional access frameworks.
• Mentor junior security engineers, fostering critical thinking and hands-on problem-solving skills while collaborating with IT and business units to embed security into organizational processes.
• Research emerging threats and evaluate technologies to inform and enhance Dollar General's security strategy and posture.
  

Knowledge, Skills and Abilities (KSAs): What KSAs are required to perform this job?

• Deep expertise in network security (Palo Alto, Fortinet, Meraki MX), application firewalls (F5 ASM, Akamai App & API Protector, Cloud Armor), and data protection (Digital Guardian DLP, Microsoft DLP).
• Advanced proficiency in cloud security (GCP, Azure) and container security (Sysdig Secure), including tools such as VPC Service Controls and Cloud Armor.
• Strong scripting skills in Python, Bash, or PowerShell, and hands-on experience in Terraform for automating security infrastructure.
• In-depth understanding of PKI, VPN/remote access technologies (CyberArk Alero, GlobalProtect), and DNS security (Akamai DNS, Akamai GLB).
• Exceptional analytical and critical thinking skills with the ability to solve complex security challenges in a pragmatic and business-aligned manner.
• Proven leadership and communication skills, with the ability to mentor team members and influence cross-functional stakeholders.
• Excellent written, oral, and inter-personal communications skills with the ability to clearly communicate complex topics across technical and non-technical audiences.
• Capability to adapt to rapidly changing technologies and threat landscapes, with occasional availability for non-standard hours or travel (up to 5%).

Work Experience &/or Education: What are the minimum education and/or experience requirements necessary to perform this job?

• Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent combination of education and relevant experience.
• Minimum 7 years of experience in information security, including at least 2 years in a senior or leadership capacity.
• Advanced hands-on experience with at least five of the following:
• Palo Alto Networks firewalls and Panorama
• Akamai App/API Protector
• F5 Application Security Manager (ASM)
• Sysdig Secure (or equivalent)
• Google Cloud Platform (GCP) native security tools
• Microsoft Azure native security tools
• Microsoft Defender
• CyberArk Privileged Access
• HCL BigFix
• Splunk Enterprise and Enterprise Security
• Data security methodologies
• DLP technologies
• Proven track record in risk analysis, mitigation planning, and implementing secure configurations across cloud, network, and application layers.
• Preferred certifications: CISSP, CISM, CISSP-ISSAP, Palo Alto PCNSE, Splunk Certified Architect, or GCP Cloud Security Engineer.