Senior Engineer, Information Technology Security

  • 31 May 2019 9:20 AM
    Message # 7525121
    James Walters (Administrator)

    Senior Engineer, Information Technology Security - Richmond, Virginia (VA)

    Lumber Liquidators Corporate Office, Toano, Virginia, United States of America, Lumber Liquidators Richmond Office, Richmond, Virginia, United States of America Req #7133

    Tuesday, May 28, 2019

    Lumber Liquidators…A GREAT place to work!

    With more than 400 locations, Lumber Liquidators is North America’s largest specialty retailer of hardwood flooring. Our associates drive our success through a commitment to providing customers with the highest quality product at the lowest prices. Lumber Liquidators offers excellent career growth opportunities. Other benefits include a low premium medical plan, paid holidays and time off, a 401(k) plan with an employer match that is immediately vested, and a casual work environment.

    Job Summary: This position defines and drives security initiatives to continually improve the company’s ability to identify and safeguard against cyber risks.  This position will further scope out, present and implement recommendations to remediate the Company’s technology and processes to safeguard corporate systems, data, and related property.   

    Job Title: Senior Engineer, Information Technology Security                                          

    Department: 9904- Information Technology                                                      

    Reports To: Information Security Officer                                               

    Job Status: Exempt                                                                             

    General Work Schedule: This position routinely works Monday through Friday.  May work beyond a standard full-time schedule and may involve some evening or weekend work based on business needs.

                                       

    Primary Functions:

    Empower a security culture:

    Drive foundational efforts of Lumber Liquidators’ security program that set the strategic direction. 

    • Partner across the business to understand objectives and tailor security efforts to enable those needs
    • Help define and manage the lifecycle of security standards, policies and procedures
    • Perform ongoing focused security assessments for company systems, data, and processes
    • Be part of building an enterprise security awareness program and provide internal security advisory on IT and business projects
    • Drive continuous operational security improvements through the capture and measurement of KPIs
    • Train and develop technical support and applications staff on security-related subjects
    • Participate in audit, loss prevention, and other risk-related processes to support and guide as necessary

     

    Deliver enterprise security technology:

    Utilize technical depth to implement and operationalize the technologies that close gaps and build visibility.

    • Help assess the company’s security capabilities, and outline a technical coverage roadmap
    • Evaluate, test, deploy and manage security-centric tools that safeguard company systems, users and data
    • Collaborate across the CIO organization to ensure that security technologies and ops meet a defined sustainability plan (availability, change management, system monitoring, support)
    • Stay current on the security technology landscape, partnering with vendors to evaluate key technologies and influence product roadmaps
    • Identify opportunities for system and process automation that improve tool integration and team efficiency

     

    Impact through security operations:

    Execute an efficient and effective analysis and response playbook identifies and quickly resolves security issues.

    • Own and drive ongoing security operations including threat awareness, event monitoring, platform develops, incident communications and issue resolution
    • Lead an enterprise vulnerability management program, working with asset owners to improve posture through proper scanning, patching and validation of hosts and endpoints
    • Participate in and lead tactical security initiatives with a matrixed team across IT and the business
    • Monitor networks and systems for security breaches, through the use of software that detects intrusions and anomalous system behavior
      • Perform systems forensics, incident response and investigations, including working with law enforcement (as needed)
      • Serve as escalation contact for systems issues that cannot be resolved with standard procedures or personnel, including off-hours

    Continually monitor external threat landscape for potential risks to Lumber Liquidators

     

    Knowledge, Skills & Abilities 

    • Familiarity with retail operations including point-of-sale systems.
    • Ability to self-motivate, multi-task, prioritize and manage tasks and deadlines in fast-paced environment.
    • Excellent interpersonal skills with experience collaborating with multiple departments on projects, implementations, training, etc.
    • Ability to independently troubleshoot and solve problems, analyze, plan and lead projects.
    • Ability to maintain an extremely high level of discretion, confidentiality, and professionalism.
    • Ability to work flexible schedules and to be available for investigations when needed outside of business hours.

     

    Education:

    • Bachelor's Degree in Computer Science, Computer Engineering or equivalent military or professional experience

     

    Related Experience, Qualifications and/or Certifications:

     

    • Certifications: Network+, Security+, SANS, CISSP, SSCP, CISM, etc.
    • 5-7 years of experience working with network & operating system security concepts
    • 5-7 years of experience with system hardening across host, endpoint and/or mobile platforms
    • 5-7 years leading technical system implementation and management within enterprise environments
    • 5-7 years leading enterprise security initiatives, employing structured methodologies (Scrum, Kanban, DevOps, waterfall)
    • 5-7 years of experience working with host and network-based intrusion detection and prevention systems, signature development and event / alert analysis
    • 3+ years of experience working with cyber-security and information security risks and controls
    • 3+ years of experience of data analytics and reporting, including building centralized SIEM/reporting platforms
    • 3+ years of experience developing and delivering recommendations to non-technical business areas

     

     

    Computer Skills / Special Equipment Knowledge:

    • Experience designing and implementing enterprise security technologies for endpoint, network, database, application, mobile
    • Experience with system and network administration and maintenance:
      1. Cisco router / switch / firewall / wireless
      2. Windows Server 2008/2012/2016, Exchange/Exchange Online, Active Directory, SQL Server*nix (CentOS, RHEL), VMware vSphere
      3. Windows 7/8/10, MacOS, MS SCCM, MS InTune, Altiris, McAfee ePO
      4. HP OpenView, SolarWinds,
    • Experience with security technology administration and usage:
      1. IDS / IPS (Cisco, Juniper, Snort, Suricata, Bro, Security Onion, OSSEC), Tenable Nessus, NMAP, Wireshark, TripWire, Netflow/PCAP analysis
      2. Windows O365 native tools (Defender, Defender ATP, BitLocker, App Locker, Credential Guard), EPP/EDR tools (McAfee VSE/ENS/HIPS, Sophos, Symantec SEP, CarbonBlack, Endgame, Cylance)
      3. LogRhythm, ELK stack, Splunk, ArcSight
      4. SCCM, Qualys, Nessus, Rapid7

          

    Apply 

Copyright 2018, International Information Systems Security Certification Consortium, Inc. (“(ISC)²), in website format and trade dress only. All Rights Reserved. (ISC)², CISSP, SSCP, CAP, ISSAP, ISSEP, ISSMP, CSSLP, and CBK are registered certification, service, and trademarks of (ISC)². Disclaimer: (ISC)²” does not own, operate, or moderate this website. All content of this site, exclusive of licensed trademarks or copyright, is the property of the designated (ISC)² Chapter organization, which is not owned, managed, or controlled by (ISC)² and operates independent of (ISC)².

P.O. Box 2566, Glen Allen, VA 23058-2566

Powered by Wild Apricot Membership Software