Senior Security Engineer
The Senior Security Engineer conducts complex security related assessments as part of Genuine Parts Company (GPC) Information Security program and processes. The Cyber Center is the primary point of contact for all emergencies and security incidents. The Senior Security Engineer will be responsible for coordinating and communicating a timely and appropriate response impacting the GPC customers and all relevant stakeholders.
- Perform as a Leader for Security Engineering.
- Act as technical hands-on lead for Security Engineering/Operational Projects.
- Assist CSIRT Manager in all security incidents and subsequent reporting
- Assess and modify procedures to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access, modification or destruction.
- Writes network security reports and make recommendations.
- Ensures compliance with organizational security rules and standards.
- Prioritize remediation of gaps based on internal and external audits
- Prepares compliance reports by collecting, analyzing, and summarizing data
- Assist with monitoring and auditing of information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments and system monitoring reports
- Work with stakeholders to provide security solutions that support their business requirements
- Identify, develop, and implement mechanisms to detect security incidents in order to enhance compliance with and support of security standards and procedures in place.
- Conduct security risk assessments on new products and systems, periodic security risk assessments on existing systems and identify and/or recommend appropriate security countermeasures and best practices
- Respond to discovered security incidents by informing appropriate custodians, determining root cause, and identifying and executing remedial actions (if necessary) required to re-establish respective information system security
- Coordinate activities or engagements with loss prevention, interact with legal and law enforcement as required
- Bachelor Degree) in Computer Science, Engineering or related discipline with 5+ years of experience
- Minimum of 10 years of information systems security or related auditing experience
- Preferred certifications: CISSP, CEH, GSEC
- Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone
- Strong analytical, technical, and problem-solving skills
- Ability to work effectively, independent of assistance or supervision
- Innovative, creative, and extremely responsive, with a strong sense of urgency
- Willing to share knowledge and assist others in understanding technical and business topics
- Willingness to work outside of regular business hours as required which can include evenings, weekends and holidays
- Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling)
- Working knowledge at a Network Security Engineering level with Firewall, F5 ASM, Proxy, and NAC (ISE) experience.
- Working knowledge of protocols and technologies such as TCP, UDP, SSL/TLS, SFTP, SMTP, DNS, DHCP.
- At least one technical certification related to a major platform (Microsoft, Cisco, F5, Etc.)
- Ability to interpret information security data and processes to identify potential compliance issues
- Ability to quickly understand security systems in order to identify and validate security requirements
Preferred skills and capabilities
- Cloud security & architecture experience with most major cloud providers.
- Experience with performing vulnerability scans and assessments as well as computer forensics
- Familiarity with Governance Risk and Compliance models.
- Security Information and Event Management experience. (SIEM).
- A solid understanding of various firewalls, with actual experience in design, installation, configuration, and operation
- Knowledge of network protocols, data flows, and vulnerabilities within a TCP/IP environment
- Ability to perform network protocol analysis and raw data capture
- A solid understanding and knowledge of LDAP
- Knowledge of OWASP, ISO 27001/2, PCI-DSS
- Self-motivated, self-directed and shows attention to detail while working
- Works ethically and with integrity supporting organizational goals and values
- Displays commitment to excellence
- Completes work in a timely manner and meets deadlines
- Contributes to building a positive team spirit and treats others with respect
- Maintains confidentiality of information and uses information appropriately
- Exhibits sound judgment when making decisions and recommendations
- Fosters collaboration toward a common vision and shared goals
GPC believes the fair and equitable treatment of employees, customers, suppliers and other persons is critical to fulfilling its vision and goals. GPC conducts its business without regard to sex, race, creed, color, religion, marital status, national origin, age, pregnancy, sexual orientation, gender identity, genetic information, disability, military status, status as a veteran, or any other protected characteristic. GPC’s policy is to recruit, hire, train, promote, assign, transfer and terminate employees based on their own ability, achievement, experience and conduct and other legitimate business reasons