Information / Cyber Security, Professional 2

Position Summary:

The Information Security Engineer is part of the Cybersecurity Operations team and will be responsible for maintaining and administrating Splunk environment consisting of search heads, indexers, deployment servers, heavy/universal forwarders, and Splunk Enterprise Security, The Engineer should be proficient with recognizing and onboarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data. The Splunk engineer should be proficient within a Linux environment, editing and maintaining Splunk configuration files and apps.



In addition to supporting the SIEM environment, The Information Security Engineer’s responsibilities include managing Security Operations Center (SOC) alerts which includes, ensuring appropriate log sources are being captured by the SIEM, assign and track to closure, and tuning alerts.

Job Responsibilities include:

• Ability to develop technical proficiencies in cyber security competencies and tools like EDR, AV, security vulnerabilities validation, web proxy, incident response etc.
• Maintain and fully support Security Operations tools, policies and procedures.
• Work within SecOps team to support, maintain and enhance current SIEM solution.
• Maintain and improve current logging and alerting.
• Support security operations activities responding to alerts, participating in on call schedule, owning and supporting security tools.
• Investigate security events and potential threats to the organization and employees.
• Analyze logs, identify, recommend, and improve current logging requirements.
• Identify external threats and make security recommendations.
• Make recommendations to management on enhancements to existing and new security hardware, software or related tools. Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools.
• Perform risk analysis for corporate functional and technical areas relevant to data security.
• Configure, implement, monitor, and support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) (Host/Network/Wireless), secure file transfer, Data Loss Prevention (DLP), full disk encryption, firewall rule assessments, log management/correlation, secure password storage/retrieval, application whitelisting, vulnerability management, threat hunting, etc.
• Manage Endpoint Detection and Response (EDR) and Anti-Virus solutions deployed within the environment.
• Identify security threats and provide recommendations and remediation steps.

Experience

• 3-5 years' experience working in a Security Operations Center (SOC) / alerts handler
• Experience working in and supporting a SIEM environment
• Experience with Windows servers
• Experience with Linux servers a plus.
• Experience with cloud storage configurations and capabilities a plus.
• Experience with syslog-NG
• Experience with regular expression
• Knowledge of Python
• Splunk Enterprise Security Experience Preferred
• Experience triaging and tuning security alerts
• Experience investigating security events
• Demonstrate behaviors consistent with the Company’s Vision, Mission, and Values in all interactions with customers, co-workers, and suppliers.
• Adheres to all company policies, procedures, and safety standards

Qualifications:

• B.S. Degree preferred in Computer Science, Information Technology, or related field of study; or any equivalent combination of relevant background, skills and experience.
• Strong analytical, prioritizing, interpersonal, problem-solving, and presentation, project management (from conception to completion) and planning skills
• Strong verbal and written communication skills.
• Strong negotiation/mediation skills.
• Demonstrated collaborative skills and ability to work well within a team.
• Ability to work in a fast-paced and deadline-oriented environment.
• Self-motivated with critical attention to detail, deadlines and reporting.

Exciting Benefits and Perks Await You:

• Competitive compensation and 401k matching

• Enjoy a healthy work-life balance with insurance plans (health, dental, vision) and maternity benefits.

• Associate purchase and discount programs for new and pre-owned vehicles, services, parts, collision, accessories, and AutoGear

• Access amazing deals and discounts through YouDecide, a website with offers from top providers and retailers

• Join our DRVPNK mission to raise and donate millions of dollars to cancer research and treatment, partnering with cancer charities nationwide

AutoNation is one of the largest automotive retailers in the United States, offering innovative products, exceptional services, and comprehensive solutions, empowering our customers to make the best decisions for their needs. With a network of dealerships nationwide strengthened by a recognized brand, we offer a wide variety of new and used vehicles, customer financing, parts, and provide expert maintenance and repair services. Through DRV PNK, we have raised over $40 million for cancer-related causes, demonstrating our commitment to making a positive difference in the lives of our Associates, Customers, and the communities we serve.

AutoNation is committed to creating a diverse, equitable, and inclusive environment in our workplace and the services we provide. We welcome candidates from all backgrounds who are passionate about making a positive impact. Even if you do not meet every requirement, we encourage you to apply. Join our team and help us foster a culture of belonging while contributing to our revolutionary work in the automotive industry. We value innovation, teamwork, and a commitment to making a positive impact in the world.