Information / Cyber Security, Manager 2 at AutoNation
Fort Lauderdale, FL 33301, USA
Full Time


Start Date

Immediate

Expiry Date

16 Oct, 25

Salary

0.0

Posted On

16 Jul, 25

Experience

7 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Computer Science, CFCE, Information Security, CISA, Cloud, Security Tools, PMP, Information Technology, Communication Skills, CCE, CISSP, Reporting, Completion

Industry

Information Technology/IT

Description

AutoNation is one of the largest automotive retailers in the United States, offering innovative products, exceptional services, and comprehensive solutions, empowering our customers to make the best decisions for their needs. With a network of dealerships nationwide strengthened by a recognized brand, we offer a wide variety of new and used vehicles, customer financing, parts, and provide expert maintenance and repair services. Through DRV PNK, we have raised over $40 million for cancer-related causes, demonstrating our commitment to making a positive difference in the lives of our Associates, Customers, and the communities we serve.
So what do you say? Are you ready to be part of something big?
AutoNation is looking for an Information Security Operations Manager to be a hands-on technical resource and manage a security operations team. This role's primary responsibilities include managing a security operations team, triaging security alerts, supporting security tools, managing incident response activities and providing hardening recommendations to improve AutoNation's security posture. This work requires the manager to be able to manage people and work hands-on with security tools, documenting processes and collecting metrics. Areas of responsibility include SOC, application security, cloud security, endpoint security, vulnerability management, cybersecurity incident response, pentests and assessments, and email security.
Organizational Relationships:
This role works with the technology and development teams, business units and 3rd parties to promote, support and follow up on security events, vulnerabilities and security controls.

Job Responsibilities include:

  • Manages a team of technical engineers, responsible for the effective coordination and execution of day-to-day security operation activities including implementing and administering security tools, procedures and processes.
  • Security Operations manages tuning recommendations and responding to security alerts and investigations both internal and external.
  • Manages the Cybersecurity Incident Response program and tasks.
  • Manages SOC, SIEM and alerts.
  • Responsible for data security resources.
  • Responsible for Cloud Security, Application Security and Vulnerability Management.
  • Responsible for endpoint security AV, IPS/IDS and web proxy.
  • Oversee firewall rules and security feeds/configuration.
  • Develops work plans and priorities for the SecOps team based on objectives received.
  • Is responsible for all performance related activities, including performance reviews. Provides input to compensation decisions.
  • Integrates internal and external resources to meet team and organizational needs.
  • Identifies areas of risk and develops remediation strategies.
  • Developing, supporting and remediating security assessments.

Team Responsibilities Include:

  • End-point security technologies administration and maintenance.
  • Network security tools.
  • SIEM alerting, tuning and response. Analyze logs, identify, recommend, and improve current logging requirements and help oversee SIEM environment.
  • Cybersecurity investigations for both internal and external threats.
  • Email Security investigations and response.
  • Cryptographic key and digital certificate oversight.
  • Participate in Cybersecurity Operations on call rotation with some after hours and weekend work required.
  • Make recommendations to management on enhancements to existing and new security hardware, software or related tools. Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools.
  • Perform risk analysis for corporate functional and technical areas relevant to data security.
  • Configure, implement, monitor, and support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to Intrusion Detection System/Intrusion Prevention System (IDS/IPS - Host/Network/Wireless), secure file transfer, Data Loss Prevention (DLP), full disk encryption, firewall rule assessments, log management/correlation, secure password storage/retrieval, application whitelisting, vulnerability management, threat hunting, etc.
  • Identify security threats and provide recommendations and remediation steps.
  • Support security assessments and remediation.

Experience

  • Preferably 7-10 years in a Security Operations role.
  • People management experience preferred.
  • Experience investigating and identifying threats.
  • Experience working with forensics tools and developing processes.
  • Experience administering and managing end point security and network security tools.
  • Creating and maintaining runbooks, policies, and procedures.
  • Cloud and application security knowledge.

Qualifications:

  • B.S. Degree required in Computer Science, Information Technology, or related field of study; or any equivalent combination of relevant background, skills and experience.
  • 7-10 years relevant experience in Information Security in medium to large organizations.
  • One or more security certifications such as CFCE, CCE, CSFA, CISSP, CISA, SANS GIAC, or relevant security certification(s) required. Additional technology certifications such as MCSE, CCNA/CCNP, PMP, etc. preferred.
  • Strong analytical, prioritizing, interpersonal, problem-solving, presentation, project management (from conception to completion) and planning skills.
  • Strong verbal and written communication skills.
  • Strong negotiation/mediation skills.
  • Ability to work with and influence senior management.
  • Ability to work in a fast-paced and deadline-oriented environment.
  • Self-motivated with critical attention to detail, deadlines and reporting.