Primary Responsibilities - Help lead a team of Security Analysts and provide guidance, mentorship, and support.
- Assess, design, document, and work with IT teams to implement security controls for critical applications and systems throughout the company network to meet security standards and best practice recommendations.
- Plan and schedule work with all areas of IT to ensure timely remediation of vulnerabilities based on security scans, penetration testing, or other means of detection of threats.
- Conduct thorough investigations of security alerts/incidents and provide detailed reports on findings and actions taken.
- Develop and implement security policies, procedures, and best practices to protect sensitive information and ensure compliance with regulatory requirements.
- Maintain and ensure annual updates of all security-related Infrastructure policies and procedures by working with the respective teams.
- Perform regular security audits, risk assessments, and vulnerability assessments to identify and mitigate potential security risks as well as ensure the effectiveness of security controls.
- Stay up-to-date with the latest cybersecurity trends, threats, and technologies.
- Reviewing email proxy phishing and spam queues. Provide guidance for tuning/adjustment of rules for the email proxy as needed.
- Develop, write, and maintain policies and procedures to ensure compliance with SOC 2, CIS Top 18, TISAX, and other relevant standards.
- Define rules for and assist with DLP system maintenance.
- Assist in overseeing 3rd party risk by communicating to vendors regarding mitigating discovered vulnerabilities.
- Lead incident response and assist with disaster recovery planning and execution.
- Monitor alerts and assess and improve on response plans based on the severity and applicability of the threat.
- Ongoing system maintenance, policy configuration changes, and patching.
- Participate in the recruitment and training of new team members.
- Participate in tabletop exercises within IT and operational areas.
Other security tasks as needed.
Job Qualifications - Typically requires a bachelor's degree or its equivalent
- At least 4 - 7 years of security work experience.
- Experience in conducting security training and awareness programs.
- Proficiency in conducting risk assessments, vulnerability assessments, and penetration testing, or working with pentesting firms.
- Strong understanding of cybersecurity compliance frameworks, standards, and best practices (e.g., NIST, CIS, TISAX, OWASP, etc.)
- Experience configuring, maintaining, and auditing application systems security controls.
- Knowledge of system and network exploitation, attack vectors and pathologies, intrusion techniques, such as phishing, denial of service attacks, OWASP Top 10 vulnerabilities, malicious code/malware, ransomware, password attacks, etc.
- Experience with Next Generation Firewalls, Next Generation EndPoint Protection products, IDS/IPS, and web application firewall technologies.
- Experience with SIEM log centralization solutions.
- Knowledge of current Windows Server, Windows Workstation, Apple, Linux, VMware, and Active Directory environments.
- Knowledge of Directory Services (LDAP, AD) and Internet/Intranet architecture and design.
- Experience with Email Security, Web Security, and DLP products.
- Professional certifications such as CISSP, CISM, CEH, or equivalent are highly desirable.
- Excellent analytical, problem-solving, and communication skills.
Standard Motor Products is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.