Sr. Info Security Engineer/data Security

Information Security Engineer

AutoNation is one of the largest automotive retailers in the United States, offering innovative products, exceptional services, and comprehensive solutions, empowering our customers to make the best decisions for their needs. With a network of dealerships nationwide strengthened by a recognized brand, we offer a wide variety of new and used vehicles, customer financing, parts, and provide expert maintenance and repair services. Through DRV PNK, we have raised over $40 million for cancer-related causes, demonstrating our commitment to making a positive difference in the lives of our Associates, Customers, and the communities we serve. So what do you say? Are you ready to be part of something big?

Primary Job Responsibilities:

• Managing and supporting application/code scanning tools and process.
• Knowledge in application security vulnerability identification, validation and remediation tracking.
• Identifying and validating application vulnerabilities.
• Working with application development teams to validate and remediate application and API vulnerabilities.
• Working with business and development teams and monitoring cloud resources to ensure security requirements and standards are met.
• Cloud security incident response handler, recommending security best practices, implementing and overseeing security compliance.
• Responding to Cloud Security events, managing web application firewall rules, creating rules and policies to address immediate security threats and developing and implementing rules based on current and anticipated security threats.
• Monitoring and managing cloud security resource utilization.
• Managing and supporting cloud security tools both preventive and detective.
• Developing and recommending cloud security standards.

Additional Responsibilities:

• Supporting security operations activities responding to general security alerts, participating in on call schedule, and supporting security tools.
• Analyzing logs, identifying, recommending, and improving current logging requirements.
• Assisting in evaluating, planning, configuration, and implementation of new/existing security applications/tools.
• Configuring, implementing, monitoring, and supporting security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to Intrusion Detection System/Intrusion Prevention System (IDS/IPS), secure file transfer, Data Loss Prevention (DLP), full disk encryption, firewall rule assessments, log management/correlation, secure password storage/retrieval, application whitelisting, vulnerability management, threat hunting, etc.
• Utilizing Endpoint Detection and Response (EDR) and Anti-Virus solutions deployed within the environment.
• Identifying security threats and provide recommendations and remediation steps.
• Demonstrate behaviors consistent with the Company's Vision, Mission, and Values in all interactions with customers, co-workers, and suppliers.
• Adheres to all company policies, procedures, and safety standards.

Experience:

• 3-5 year’s relevant experience, cloud security in Information Security in medium to large organizations.
• 2-3 years’ experience working with application development and cloud environments a plus.
• Application development, API knowledge, code review required.
• Experience working with OWASP vulnerabilities.
• Experience with Azure/AWS Cloud Security and related tools like application WAF, cloud alert aggregation, Azure Security Center et al.
• Application WAF configuration and management a plus.
• Experience working with Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) a plus.
• Creating and maintaining data security documentation, policies, and procedures.
• Experience working in a Security Operations Center (SOC) / alerts handler preferred.

Additional Qualifications:

• BS. Degree required in Computer Science, Information Technology, or related field of study, or any equivalent combination of relevant background, skills and experience.
• One or more security certifications such as CFCE, CCE, CSFA, CISSP, CISA, SANS GIAC, or relevant security certification(s) preferred. Additional technology certifications such as MCSE, CCNA/CCNP, PMP, etc. a plus.
• Hands-on experience with two or more of the following: data loss prevention technologies, incident response and remediation, network security services, ethical hacking and vulnerability scanning, firewall, application code scanning and intrusion detection technologies.
• Strong analytical, prioritizing, interpersonal, problem-solving, and presentation, project management (from conception to completion) and planning skills.
• Strong verbal and written communication skills.
• Strong negotiation/mediation skills.
• Demonstrated collaborative skills and ability to work well within a team.
• Ability to work in a fast-paced and deadline-oriented environment.
• Self-motivated with critical attention to detail, deadlines and reporting.
• High degree of proficiency MS Office Suite, Outlook & Internet applications.

Exciting Benefits and Perks Await You:

• Competitive compensation and 401k matching
• Enjoy a healthy work-life balance with insurance plans (health, dental, vision) and maternity benefits.
• Associate purchase and discount programs for new and pre-owned vehicles, services, parts, collision, accessories, and AutoGear
• Access amazing deals and discounts through YouDecide, a website with offers from top providers and retailers
• Join our DRVPNK mission to raise and donate millions of dollars to cancer research and treatment, partnering with cancer charities nationwide

AutoNation is committed to creating a diverse, equitable, and inclusive environment in our workplace and the services we provide. We welcome candidates from all backgrounds who are passionate about making a positive impact. Even if you do not meet every requirement, we encourage you to apply. Join our team and help us foster a culture of belonging while contributing to our revolutionary work in the automotive industry. We value innovation, teamwork, and a commitment to making a positive impact in the world.