Senior Cyber Security Analyst

Senior Cyber Security Analyst
At CAVA, we make it deliciously simple to eat well and feel good every day. We are guided by a Mediterranean heritage that’s been perfecting how to eat and live for four thousand years. We prioritize authenticity, curiosity and the pursuit of excellence in everything we do. We are working towards something big, together.

We foster a culture built on five core values: 

• Positivity – Every one of us can change someone’s day for the better.   
• Transparency –We use transparency to help us make decisions through open dialogue
• Humility – We can always find ways to improve.
• Fanaticism – We are passionate about the opportunity to turn every guest into a fanatic.
• Thoughtfulness –We go above and beyond for our guests, our teams and communities. 

The Role:
CAVA/Zoes Kitchen is seeking a Senior Cybersecurity Analyst who will provide ongoing Cybersecurity operations support for the combined IT infrastructure of Cava and Zoe’s Kitchen. As an analyst in the Cybersecurity organization, this role will be critical in safeguarding the critical assets for both the Enterprise and our customers.  

The Senior Cybersecurity Analyst will be responsible for supporting Network and Cloud Security, Compliance, Risk Management, Vulnerability Management, Security Event Monitoring, Identity & Access Management, and Advanced Threat Protection.

 
What You’ll Do:

• Investigate reported security incidents and events, accurately assess business impact, and create action plans for remediation of risk
• Manage security applications, services, and platforms to differentiate between malicious and normal activity 
• Lead cybersecurity projects in support of corporate and departmental initiatives, setting project schedules and collaborating with internal stakeholders 
• Develop security metrics and scheduled reports in order to drive down security-related events and issues 
• Participate in the evaluation and implementation of new cybersecurity technologies and capabilities 
• Evaluate vendor and technology-related security bulletins and develop appropriate operational response 
• Provide level-3 support in troubleshooting cybersecurity  technology issues, engaging internal and/or vendor resources as necessary to resolve security issues and provide root cause analysis 
• Ensure services are delivered within security and compliance standards (SOX, PCI, GDPR) 
• Support continuous process improvement efforts to enhance services performance, stability, and costs  
• Document cybersecurity system architectures, policies, and procedures 
• Support the ongoing maintenance of a cybersecurity awareness program 
• Support development and implementation of effective and reasonable policies and practices to secure critical and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation 
• Support efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls  
• Work with Internal Audit, External Auditors, and outside consultants as appropriate on required security assessments and audits

The Qualifications:

• BS in related field or equivalent experience is required 
• Minimum of five years of experience in information security 
• 5+ years of experience with log aggregation, parsing, analysis, and monitoring to detect and alert on threat events 
• 5+ years of experience with security products such as endpoint security, vulnerability scanners, and network security appliances (e.g., firewalls, VPN, and proxies) 
• 5+ years of experience with Internet protocols, e.g., TCP/IP, UDP, DNS, SMTP, ICMP, etc.  
• 3+ years of experience implementing and managing cloud security solutions (e.g., AWS security services) 
• 5+ years of experience documenting Standard Operating Procedures, generating system diagrams, and writing executive-level reports 
• Certified Information Security Systems Professional (CISSP) certification or similar certification is preferred 
• Change management experience and Enterprise infrastructure experience 
• Excellent project management, written and oral communications skills 
• Knowledge of Sarbanes Oxley, ISO 27001, and PCI Data Security Standards, experience in how they apply to enterprise systems, and process of validation through external audits 
• Experience in hospitality, retail, or restaurant industries is preferred 
• Up to 25% travel

Physical Requirements:

• Ability to maintain stationary position to be able to operate a computer and other office equipment
• Must be able to identify, analyze and assess details
• For certain positions, must be able to occasionally move or transport items up to 50 pounds
• Ability to communicate with others and exchange information accurately and effectively
• Constantly positions self and move about to support ordinary restaurant or food production support or office operations, as applicable
• Ability to work in a constant state of alertness and in a safe manner  

What We Offer:  

• Competitive salary, plus bonus and long-term incentives* 
• Paid vacation, paid parental leave, plus paid opportunities to give back to the community*
• Health, Dental, Vision, Telemedicine, Pet Insurance plus more*
• 401k enrollment with CAVA contribution*
• Company-paid STD, LTD, Life and AD&D coverage for salaried positions*
• Free CAVA food
• Casual work environment
• The opportunity to be on the ground floor of a rapidly growing brand

*Indicates qualifying eligible positions only

CAVA – Joining “A culture, not a concept”

As an equal opportunity employer, CAVA considers applicants for all positions without regard to race, color, sex, religion, national origin, disability, age, height, weight, marital status, sexual orientation, familial status, genetic information or any other characteristic or protected classes as defined by federal, state, or local law.

Senior Cyber Security Analyst
At CAVA, we make it deliciously simple to eat well and feel good every day. We are guided by a Mediterranean heritage that’s been perfecting how to eat and live for four thousand years. We prioritize authenticity, curiosity and the pursuit of excellence in everything we do. We are working towards something big, together.

We foster a culture built on five core values: 

• Positivity – Every one of us can change someone’s day for the better.   
• Transparency –We use transparency to help us make decisions through open dialogue
• Humility – We can always find ways to improve.
• Fanaticism – We are passionate about the opportunity to turn every guest into a fanatic.
• Thoughtfulness –We go above and beyond for our guests, our teams and communities. 

The Role:
CAVA/Zoes Kitchen is seeking a Senior Cybersecurity Analyst who will provide ongoing Cybersecurity operations support for the combined IT infrastructure of Cava and Zoe’s Kitchen. As an analyst in the Cybersecurity organization, this role will be critical in safeguarding the critical assets for both the Enterprise and our customers.  

The Senior Cybersecurity Analyst will be responsible for supporting Network and Cloud Security, Compliance, Risk Management, Vulnerability Management, Security Event Monitoring, Identity & Access Management, and Advanced Threat Protection.

 
What You’ll Do:

• Investigate reported security incidents and events, accurately assess business impact, and create action plans for remediation of risk
• Manage security applications, services, and platforms to differentiate between malicious and normal activity 
• Lead cybersecurity projects in support of corporate and departmental initiatives, setting project schedules and collaborating with internal stakeholders 
• Develop security metrics and scheduled reports in order to drive down security-related events and issues 
• Participate in the evaluation and implementation of new cybersecurity technologies and capabilities 
• Evaluate vendor and technology-related security bulletins and develop appropriate operational response 
• Provide level-3 support in troubleshooting cybersecurity  technology issues, engaging internal and/or vendor resources as necessary to resolve security issues and provide root cause analysis 
• Ensure services are delivered within security and compliance standards (SOX, PCI, GDPR) 
• Support continuous process improvement efforts to enhance services performance, stability, and costs  
• Document cybersecurity system architectures, policies, and procedures 
• Support the ongoing maintenance of a cybersecurity awareness program 
• Support development and implementation of effective and reasonable policies and practices to secure critical and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation 
• Support efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls  
• Work with Internal Audit, External Auditors, and outside consultants as appropriate on required security assessments and audits

The Qualifications:

• BS in related field or equivalent experience is required 
• Minimum of five years of experience in information security 
• 5+ years of experience with log aggregation, parsing, analysis, and monitoring to detect and alert on threat events 
• 5+ years of experience with security products such as endpoint security, vulnerability scanners, and network security appliances (e.g., firewalls, VPN, and proxies) 
• 5+ years of experience with Internet protocols, e.g., TCP/IP, UDP, DNS, SMTP, ICMP, etc.  
• 3+ years of experience implementing and managing cloud security solutions (e.g., AWS security services) 
• 5+ years of experience documenting Standard Operating Procedures, generating system diagrams, and writing executive-level reports 
• Certified Information Security Systems Professional (CISSP) certification or similar certification is preferred 
• Change management experience and Enterprise infrastructure experience 
• Excellent project management, written and oral communications skills 
• Knowledge of Sarbanes Oxley, ISO 27001, and PCI Data Security Standards, experience in how they apply to enterprise systems, and process of validation through external audits 
• Experience in hospitality, retail, or restaurant industries is preferred 
• Up to 25% travel

Physical Requirements:

• Ability to maintain stationary position to be able to operate a computer and other office equipment
• Must be able to identify, analyze and assess details
• For certain positions, must be able to occasionally move or transport items up to 50 pounds
• Ability to communicate with others and exchange information accurately and effectively
• Constantly positions self and move about to support ordinary restaurant or food production support or office operations, as applicable
• Ability to work in a constant state of alertness and in a safe manner  

What We Offer:  

• Competitive salary, plus bonus and long-term incentives* 
• Paid vacation, paid parental leave, plus paid opportunities to give back to the community*
• Health, Dental, Vision, Telemedicine, Pet Insurance plus more*
• 401k enrollment with CAVA contribution*
• Company-paid STD, LTD, Life and AD&D coverage for salaried positions*
• Free CAVA food
• Casual work environment
• The opportunity to be on the ground floor of a rapidly growing brand

*Indicates qualifying eligible positions only

CAVA – Joining “A culture, not a concept”

As an equal opportunity employer, CAVA considers applicants for all positions without regard to race, color, sex, religion, national origin, disability, age, height, weight, marital status, sexual orientation, familial status, genetic information or any other characteristic or protected classes as defined by federal, state, or local law.