Engineer, Info Security I

About Performance Food Group Company

Built on the many proud histories of our family of companies, Performance Food Group is a customer-centric foodservice distribution leader headquartered in Richmond, Virginia. Grounded by roots that date back to a grocery peddler in 1885, PFG today has a nationwide network of approximately 75 distribution centers, 15,000-plus talented associates and more than 5,000 valued suppliers across the country. With the goal of helping our customers thrive, we market and deliver quality food and related products to over 150,000 locations including independent and chain restaurants, schools, business and industry locations, healthcare facilities, vending distributors, office coffee service distributors, big box retailers and theaters. Building strong relationships is core to PFG’s success – from connecting associates with great career opportunities to connecting valued suppliers and quality products with PFG’s broad and diverse customer base. To learn more about PFG and our divisions, Performance Foodservice, PFG Customized and Vistar, visit

Job Description

Do you want to work in a rapidly growing, Fortune 100 company as part of their Information Security program? Do you obsess about applying identity and access context to workers to ensure they have the right access, to the right things, at the right time? Do you want to work as a key member of a comprehensive security apparatus, whose capabilities have direct board-level visibility?

PFG is looking for a talented technical engineer to enable it’s Identity and Access Management (IAM) program with a combination of people, process, and technology, at a time where the company is experiencing exponential growth and taking on numerous technology transformation initiatives. Identity and Access Management capabilities are a key enabler of Cloud Transformation, Secure Modern Workforce, and acquisition integration initiatives, and require a skilled technical resource to implement and manage PFG’s Identity Governance and Administration (IGA) solution and associated processes.

The Information Security Engineer I will facilitate the tactical advancement of our IAM program by expanding and growing our IGA platform from the ground up, and serves as the core of administration and support activities. As part of the broader Information Security organization, this role will participate as a member of a multidisciplined information security team, applying fundamental systems security understanding, skills, expertise, to maintain and operate complex information systems and security tools.

Provide input to the IAM roadmap as it pertains to our current solution technologies, as well as future technologies, and align priorities to support the roadmap realization.

Provide engineering solutions to the identity governance administration program, specifically familiar with SailPoint IdentityNow features (provisioning, certifications, separation of duties) and related processes (joiner/mover/leaver, periodic access reviews), offering subject matter expertise where relevant

Document, establish, and improve security services related to identity and access management initiatives to improve our broader security posture, demonstrated by metrics and KPIs

Drive IAM initiatives to improve our broader security posture, demonstrated by metrics and KPIs

Provide hands-on support, as needed, to initiatives related to our IAM solution technologies. May be required to provide after hours support on occasion.

Engage in continuous technology improvement, process improvement, and quality control

Owns the relevant documentation, including those associated solution design, operation, and training required for IAM initiatives and routinesLeverages data to drive decision making and advocates for security throughout the peer groups, partners, and end users

Execute training for other support team members (Level 1), as well as backup engineering/administration resources on the utilization and reporting functionality of Sailpoint IdentityNow productAddresses ticket queue in timely fashion and follows appropriate change management procedures

Establishes, maintains or contributes to systems architecture standards (e.g. physical/logical reference architecture, Zero Trust frameworks/architecture), as well as supports the assessment and authorization for new and existing systems. Maintains the ability to troubleshoot problems, perform root cause analysis, and be considered a subject matter expert for capabilities/systems

Leads engineering team members, serves as product/service owner, and mentors others both within and outside of their direct reporting line
Intimately understands, applies, and interprets the Enterprise Information Security Policy in all aspects of technologies, processes for which they are responsible, as well as educates, influences, or requires the compliance of others in alignment thereto

Performs other related duties as assigned.

Required Qualifications

Associates/2-Year Technical

3 – 5 Years Experience working with the following

Foundational understating of and application of network (LAN, WAN, Perimeter) concepts and security best practices, OSI model, DNS
– • Demonstrated experience in engineering and administering identity governance administration (IGA) solutions, particularly SailPoint (IdentityNow), and the relevant controls related to cybersecurity and assurance/compliance
– Extensive knowledge of identity and access management concepts, Authentication/Access Control (Single Signon, Federation, Conditional Access, Multifactor Authentication, Authorization (Role Based Access), identity lifecycle management
– Working knowledge of LDAP/Active Directory, Azure Active Directory and relevant IT Identity and Access Management systems architecture
– Foundational understanding of IT security and assurance mandates/frameworks such as: Sarbanes-Oxley, CobIT, ISO 27001, NIST 800-53
– Able to conduct qualitative and quantitative analysis of large and complex data sets, correlating data to identify patterns, anomalies, issues and insights. Understands how to measure performance using data
– Experienced with desktop application and associated analytic/reporting utilities (MS Excel, MS Power BI, Cognos)
– Working knowledge of Cloud Security/IAM concepts and tools, API security/management, Cloud Entitlement Management, specifically within Microsoft Azure/Azure Active Directory
– Working understanding and application of advanced security and infrastructure concepts and practices, specifically Zero Trust, DevSecOps, Software defined Infrastructure
– Proficient project management skills
– Strong written and verbal communication skills
– Strong MS Office skills (specifically PowerPoint, Word, Excel, Visio)
-Demonstrated high level of analytical and problem solving skills Understanding of security concepts/disciplines applied in contemporary IT deployment models and technologies; cloud (IaaS, PaaS, SaaS), microservices, APIs, SD-WAN, IAC
– Demonstrated experience in managing teams and mentoring individuals, serving as a leader in a matrixed environment and without reporting authority
– Demonstrated high level of analytical and problem solving skills
– Excellent written and verbal communication skills

Preferred Qualifications


5 – 7 Years

– Working knowledge of Privileged Access Management concepts, controls, and tools, specifically Cyberark, a plus
– Familiarity with scripting languages (i.e., PowerShell, etc.) a plus
– Experience working with APIs, specifically RESTful APIs, and familiarity with service-oriented architecture and web services integration (SOAP, WSDL, REST) a plus
– Knowledge of web technologies (XML, HTML, SPML/SOAP, etc.), PowerShell, SaaS applications, network operations (networks and email protocols) a plus


Performance Food Group

Job Category

Information Systems

Req Number


EEO Statement

Performance Food Group and/or its subsidiaries (individually or collectively, the “Company“) provides equal employment opportunity (EEO) to all applicants and employees, regardless of race, color, national origin, sex, marital status, pregnancy, sexual orientation, gender identity, religion, age, disability, genetic information, veteran status, and any other characteristic protected by applicable local, state and federal laws and regulations. Please click on the following links to review: (1) our EEO Policy; (2) the “EEO is the Law” poster and supplement; and (3) the Pay Transparency Policy Statement.

More Information

Apply for this job

Leave your thoughts