Lead Cyber Security Engineer

Join Team CARFAX as a Lead Cyber Security Engineer

When was the last time you bragged about where you work? At CARFAX, we do it every day. Why? Because we’re proud to work for a company with a strong mission and trusted brand. We’re proud to work with people who care about what they do and work hard every day to deliver their best. And just announced, the return of the 4-day work week from Memorial Day through Labor Day! We’ve created the type of company culture where the term, “work life balance” isn’t just a catchy saying, it’s part of the #CARFAXdifference!

The Lead Cyber Security Engineer role will play a pivotal role in safeguarding our organization’s information systems, networks, and data assets from cyber threats. The successful candidate will lead a team of talented security professionals, implement robust security measures, and contribute to the development and enhancement of our overall cybersecurity strategy.

As a Lead Cyber Security Engineer, you will:

· Lead a team of security engineers and oversee the foundational security team functions.

· Develop and implement security strategies and policies to protect the organization's assets.

· Serve as a subject matter expert and provide expertise on topics related to cyber security.

· Lead the team in responding to and mitigating security incidents (ex. threat hunting, event analysis, investigations, post-incident analysis, etc.)

· Mentor team members, ensuring continuous skill development and providing technical guidance.

· Enhance enterprise security posture to better protect against attacks and detect new threat vectors.

· Conduct detailed assessments of systems, applications, and infrastructure to ensure they are appropriate, secure, and defensible based on least privilege.

· Assess and analyze security risks, recommending and implementing measures to mitigate identified risks.

· Monitor the general security landscape and stay up-to-date with emerging security threats and technologies.

· Develop and deliver cybersecurity training programs for employees, promoting a security-conscious culture throughout the organization.

· Self-organize and prioritize activities independently.

· Create and maintain documentation and perform status reporting.

· Build working relationships with business and operational units across the organization and collaborating with external partners and vendors as needed.

To be considered for this role, you will need:

· Bachelor of Science degree in Computer Science, Information Assurance, or a related field with a minimum of 5-7 years hands on experience in a security engineering role.

· Preference for CISSP, CISM, Security +, CEH, CCSP or related certification.

· Strong leadership and management skills to oversee a team of security engineers.

· Strategic thinking and planning skills to develop security strategies and policies.

· Excellent communication skills to work with senior management and other stakeholders.

· Experience with managing security projects and budgets.

· Ability to mentor and develop junior engineers.

· In-depth experience coordinating Incident Response and forensics activities.

· Knowledge of security operations concepts such as perimeter defense, data loss protection, insider threat, kill-chain analysis, risk assessment, common security frameworks, Multi-Factor Authentication solutions (Okta, Auth0) and VPN architecture.

· Extensive experience with EDR, SIEM and Vulnerability Management solutions

· Experience with Identity and Access Management (IAM) and Privileged Access Management (PAM) solutions

· System hardening experience utilizing industry benchmarks (ex. CIS/DISA STIG)

· Experience with network security technologies (network firewalls, WAFs, VPC security)

· Working knowledge of security tools/languages including NMAP, Nessus, Kali Linux, Python, etc.

Highly preferred to have:

· Experience with various virtualization and cloud technologies including on-prem virtualization, SaaS, PaaS, & IaaS.

· Experience with zero-trust or similar solutions

· Experience with web application security and penetration testing

· Experience with both Windows & Linux based operating systems.

· Experience with conducting firewall reviews, including firewall rule audits and risk assessments.

· Knowledge of risk management and NIST Cybersecurity Framework controls

· Working knowledge with automation and monitoring platforms

· Experience operating security training and awareness programs

About CARFAX

CARFAX, part of S&P Global Mobility, helps millions of people every day confidently shop, buy, service and sell used cars with innovative solutions powered by CARFAX vehicle history information. The expert in vehicle history since 1984, CARFAX provides exclusive services like CARFAX Used Car Listings, CARFAX Car Care, CARFAX History-Based Value and the flagship CARFAX® Vehicle History Report™ to consumers and the automotive industry. CARFAX owns the world’s largest vehicle history database and is nationally recognized as a top workplace by The Washington Post and Glassdoor.com. Shop, Buy, Service, Sell – Show me the CARFAX™. S&P Global Mobility is a division of S&P Global (NYSE: SPGI). S&P Global is the world’s foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets.

CARFAX is an Affirmative Action/Equal Opportunity Employer. It is the policy of CARFAX to provide equal employment opportunity to all persons regardless of race, color, sex, pregnancy, religion, national origin, age, ancestry, citizenship status, veteran status, military status, disability or handicap, sexual orientation, genetic information or any other status protected by federal, state or local law. In addition, CARFAX will provide reasonable accommodations for qualified individuals with disabilities. We maintain a drug-free workplace. We are a participant in E-Verify.