AutoNation
Overview
Sr. Info Security Engineer/Data Security
position at
AutoNation
offers an opportunity to join the security operations team supporting security tools and technologies used to investigate and respond to security alerts. The role focuses on data security tools and strategy, remediation with data owners, and development of proactive and detective controls related to structured and unstructured data. Position Summary
The Information (Data) Security Engineers’ primary responsibilities include overseeing and supporting data security tools and strategy, working with data owners to remediate and validate remediation was successfully completed. The role involves recommending and overseeing structured and unstructured data security best practices and developing proactive and detective controls. This position supports SOC tickets and investigations, ensuring thorough documentation, tracking, and closure. Primary Job Responsibilities
Managing and supporting application/code scanning tools and processes. Knowledge in application security vulnerability identification, validation and remediation tracking. Identifying and validating application vulnerabilities. Working with application development teams to validate and remediate application and API vulnerabilities. Collaborating with business and development teams and monitoring cloud resources to ensure security requirements and standards are met. Cloud security incident response handler, recommending security best practices, implementing and overseeing security compliance. Responding to cloud security events, managing web application firewall rules, creating rules and policies to address threats and developing rules based on current and anticipated threats. Monitoring and managing cloud security resource utilization. Managing and supporting cloud security tools, both preventive and detective. Developing and recommending cloud security standards. Additional Responsibilities
Supporting security operations activities, responding to general security alerts, participating in on-call schedule, and supporting security tools. Analyzing logs, identifying, recommending, and improving current logging requirements. Assisting in evaluating, planning, configuration, and implementation of security applications/tools. Configuring, implementing, monitoring, and supporting security software/systems to ensure compliance with regulatory, industry, and corporate policies. Includes IDS/IPS, secure file transfer, DLP, full disk encryption, firewall rule assessments, log management/correlation, secure password storage/retrieval, application whitelisting, vulnerability management, threat hunting, etc. Utilizing Endpoint Detection and Response (EDR) and anti-virus solutions. Identifying security threats and providing recommendations and remediation steps. Demonstrating behaviors consistent with the company’s Vision, Mission, and Values. Adhering to all company policies, procedures, and safety standards. Experience
3-5 years of relevant experience in cloud security within information security in medium to large organizations. 2-3 years of experience working with application development and cloud environments is a plus. Application development, API knowledge, and code review required. Experience working with OWASP vulnerabilities. Experience with Azure/AWS cloud security and related tools (e.g., WAF, cloud alert aggregation, Azure Security Center). WAF configuration and management a plus. Experience with SIEM and SOAR is a plus. Creating and maintaining data security documentation, policies, and procedures. Experience in a Security Operations Center (SOC) / alerts handler preferred. Additional Qualifications
BS degree in Computer Science, Information Technology, or related field, or equivalent experience. Security certifications such as CISSP, CISA, GIAC, CFCE, CCE, CSFA, or equivalent; additional tech certifications (MCSE, CCNA/CCNP, PMP) are a plus. Hands-on experience with two or more of: data loss prevention, incident response and remediation, network security services, ethical hacking and vulnerability scanning, firewall, application code scanning, and intrusion detection technologies. Strong analytical, prioritization, interpersonal, problem-solving, project management, and communication skills. Ability to work in a fast-paced, deadline-oriented environment; self-motivated with attention to detail and reporting. Proficiency with MS Office Suite, Outlook, and Internet applications. Benefits And Perks
Competitive compensation and 401k matching. Health, dental, and vision insurance, maternity benefits, and work-life balance amenities. Associate purchase/discount programs for vehicles, services, parts, collision, and AutoGear; YouDecide discounts for offers from providers. DRVPNK mission to raise and donate to cancer research and treatment. AutoNation is committed to creating a diverse, equitable, and inclusive environment. We welcome candidates from all backgrounds who are passionate about making a positive impact. Even if you do not meet every requirement, we encourage you to apply. We value innovation, teamwork, and a commitment to making a positive impact in the automotive industry.
#J-18808-Ljbffr
Sr. Info Security Engineer/Data Security
position at
AutoNation
offers an opportunity to join the security operations team supporting security tools and technologies used to investigate and respond to security alerts. The role focuses on data security tools and strategy, remediation with data owners, and development of proactive and detective controls related to structured and unstructured data. Position Summary
The Information (Data) Security Engineers’ primary responsibilities include overseeing and supporting data security tools and strategy, working with data owners to remediate and validate remediation was successfully completed. The role involves recommending and overseeing structured and unstructured data security best practices and developing proactive and detective controls. This position supports SOC tickets and investigations, ensuring thorough documentation, tracking, and closure. Primary Job Responsibilities
Managing and supporting application/code scanning tools and processes. Knowledge in application security vulnerability identification, validation and remediation tracking. Identifying and validating application vulnerabilities. Working with application development teams to validate and remediate application and API vulnerabilities. Collaborating with business and development teams and monitoring cloud resources to ensure security requirements and standards are met. Cloud security incident response handler, recommending security best practices, implementing and overseeing security compliance. Responding to cloud security events, managing web application firewall rules, creating rules and policies to address threats and developing rules based on current and anticipated threats. Monitoring and managing cloud security resource utilization. Managing and supporting cloud security tools, both preventive and detective. Developing and recommending cloud security standards. Additional Responsibilities
Supporting security operations activities, responding to general security alerts, participating in on-call schedule, and supporting security tools. Analyzing logs, identifying, recommending, and improving current logging requirements. Assisting in evaluating, planning, configuration, and implementation of security applications/tools. Configuring, implementing, monitoring, and supporting security software/systems to ensure compliance with regulatory, industry, and corporate policies. Includes IDS/IPS, secure file transfer, DLP, full disk encryption, firewall rule assessments, log management/correlation, secure password storage/retrieval, application whitelisting, vulnerability management, threat hunting, etc. Utilizing Endpoint Detection and Response (EDR) and anti-virus solutions. Identifying security threats and providing recommendations and remediation steps. Demonstrating behaviors consistent with the company’s Vision, Mission, and Values. Adhering to all company policies, procedures, and safety standards. Experience
3-5 years of relevant experience in cloud security within information security in medium to large organizations. 2-3 years of experience working with application development and cloud environments is a plus. Application development, API knowledge, and code review required. Experience working with OWASP vulnerabilities. Experience with Azure/AWS cloud security and related tools (e.g., WAF, cloud alert aggregation, Azure Security Center). WAF configuration and management a plus. Experience with SIEM and SOAR is a plus. Creating and maintaining data security documentation, policies, and procedures. Experience in a Security Operations Center (SOC) / alerts handler preferred. Additional Qualifications
BS degree in Computer Science, Information Technology, or related field, or equivalent experience. Security certifications such as CISSP, CISA, GIAC, CFCE, CCE, CSFA, or equivalent; additional tech certifications (MCSE, CCNA/CCNP, PMP) are a plus. Hands-on experience with two or more of: data loss prevention, incident response and remediation, network security services, ethical hacking and vulnerability scanning, firewall, application code scanning, and intrusion detection technologies. Strong analytical, prioritization, interpersonal, problem-solving, project management, and communication skills. Ability to work in a fast-paced, deadline-oriented environment; self-motivated with attention to detail and reporting. Proficiency with MS Office Suite, Outlook, and Internet applications. Benefits And Perks
Competitive compensation and 401k matching. Health, dental, and vision insurance, maternity benefits, and work-life balance amenities. Associate purchase/discount programs for vehicles, services, parts, collision, and AutoGear; YouDecide discounts for offers from providers. DRVPNK mission to raise and donate to cancer research and treatment. AutoNation is committed to creating a diverse, equitable, and inclusive environment. We welcome candidates from all backgrounds who are passionate about making a positive impact. Even if you do not meet every requirement, we encourage you to apply. We value innovation, teamwork, and a commitment to making a positive impact in the automotive industry.
#J-18808-Ljbffr