Information Security Engineer

Dealership:

Information Security Engineer

The Information Security Engineer is responsible for a complex and diverse portfolio of Asset Security, Cybersecurity and Risk Management focused activities. This role will be focused on long-term workstream delivery and the development of new technology solutions. Assignments may require a level of self-management and ability to collaborate with large teams and may incorporate one or many locations. This includes working autonomously with minimal supervision whilst conducting high volumes of risk analyses and reporting accurate and relevant risks to the appropriate constituents

The Information Security Engineer reports to the Information Security Manager.

Position Overview

Area of Responsibility

• Information Security Infrastructure Projects and workstreams
• Work closely and collaboratively with a wide audience of Lithia team members to gather requirements and perform discovery for large-scale infrastructure roadmap projects
• Help drive technical implementations, coordinate complex change controls and implement technical configurations on security tool
• Provide tier 2 troubleshooting support for issues and challenges that arise as part of the projects
• Monitor, assess and re-calibrate tools post-implementation to optimize the environment
• Information Security Operations
• Use technology tools to monitor logical environments for security events and respond in a timely fashion.
• Follow runbooks to assess security alerts and events and perform initial security threat investigations.
• Perform threat hunting activities in order to better understand alerts by correlating events across all systems and technologies.
• Collaborate with key resources to ensure that alerts are optimized.
• Communicate with in-house physical security specialists, digital forensic examiners/data breach experts, network engineers, system engineers and Web application engineers to action specific security risk issues in more depth as required.
• Help evaluate reported security incidents through ticketing queue and escalate issues as needed.
• Take initial mitigation actions to reduce risk exposures.
• Help to provide root cause analysis of critical security events and contribute to continuous improvement of existing processes.

Additional Qualifications

The following knowledge, skills and abilities are needed to be successful in this position:

• 3+ years of relevant information technology experience
• Ability to demonstrate passion, enthusiasm and depth of knowledge about cyber security and data protection
• Strong attention to detail
• Excellent communication skills both written and oral
• Active Listening – give full attention to the words and body language of others, take time to understand the points being made and ask questions as appropriate
• Critical Thinking – using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
• Time Management – ability to prioritize workload and manage one’s own time

• Ability to be resourceful, creative and flexible
• Knowledge of vulnerabilities in various operating systems, databases and networks in relation to hardening, configuration, deployment and administration highly desirable
• Ability to manage processes and associate relationships in multiple locations
• Ability to work independently towards goals
• Business, computer, or related technical degree from an accredited institution highly preferred
• CISSP, CISM, CISA, CEH, CEPT, PCI QSA, GIAC or similar relevant information security certifications highly preferred
• Experience of IDS/IPS, NextGen and applications firewalls, VPN, DLP, data encryption, SIEM, vulnerability assessment and penetration testing, Windows / Linux and database security highly desirable
• Demonstrate self-confidence, energy and enthusiasm
• Excellent oral, written, interpersonal, and communication skills required
• Experience with common information security management frameworks, such as ISO27001/27002, HIPAA, PCI, FISMA, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) highly desirable
• Manage time well, correctly prioritizing tasks
• Must meet performance standards
• Present ideas, expectations and information in a concise, well-organized way
• Proven ability to plan, test, and implement security controls
• Proven ability to share knowledge, resolves conflict, create consensus, and lead complex projects
• Relevant network administration, information security or technical IT audit experience required; consulting experience strongly preferred
• Travel required based on client requests/commitments.

Proficiency Standards

• Integrity - Acts ethically, maintaining a commitment to honesty and truth in all facets of behavior that builds the trust of others
• Work Ethic - Delivers accurate, timely and consistent results while understanding the need to balance short-term sacrifice for long-term gain
• Team Player - Supports the overall efforts of the team to accomplish departmental and Company goals and objectives
• Team Builder - Acts as a role model within the department in all facets of assigned job duties, while effectively providing feedback to team members and earning respect as a leader

Physical Demands & Working Conditions

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of the job. Reasonable accommodations may be made to enable individuals to perform the essential functions.

• Physical Demands: Standing, walking over 1/3 of the time, sitting to 2/3 of time, kneeling/crouching to 2/3 of time, reaching with hands and arms to 2/3 of time, talking or hearing over 2/3 of time; move, transport or place up to 1/3 of time up to 25 pounds
• Working Conditions:  Indoor office environment, considerable use of telephone, computer and other office equipment

Lithia Hiring Requirements

• High school graduate or equivalent.
• 18 years or older
• Possess an acceptable driving record and valid driver’s license in state of residence
• A criminal history background check will be conducted prior to beginning employment
• Clear pre-employment drug screen

NOTE:  This job description applies only to the specific employing entity and location of an individual’s employment. This is not necessarily an exhaustive list of responsibilities, skills, duties, requirements, efforts or working conditions associated with the job.  While this list is intended to be an accurate reflection of the current job, the company reserves the right to revise the functions and duties of the job or to require that additional or different tasks be performed when circumstances change (i.e., emergencies, changes in personnel, workload, rush jobs, or technological developments).