WHAT YOU'LL DO The Cybersecurity Lead Engineer is responsible for security monitoring and incident response for Cox Automotive infrastructure, mission critical products, and numerous lines of businesses. Using and developing best in class security tooling and processes, the engineer will be solving critical and complex Cybersecurity related issues. Performs advanced cyber threat analysis, collaborates with internal teams and external parties, and provides expert guidance to applicable stakeholders, improving the security posture of the organization. Interfaces with leadership and supports incident related communications, while working under high pressure situations. Key Responsibilities Security Monitoring Leads security operations center (SOC) event escalations and responds to internal and external threats. Implements advanced security monitoring techniques to identify malicious behavior in on-premise networks, computing, email systems, identity services, and cloud environments. Builds and develops threat detection and automated remediation use cases utilizing SIEM, Threat Intelligence platforms, EDR, IPS, DDoS protection, and other security technologies. Develops and advances security tooling for better detection and response to security use cases and needs. Performs threat hunting activities to identify compromised systems or issues not detected by security controls. Develops and maintains security plans, processes, and procedures defining monitoring and Threat Intelligence programs. Reviews proposed security product deployments to ensure monitoring requirements are met. Provides off-hour support as needed for security monitoring and response activities. Other duties may be assigned as needed to address threats to the organization. Incident Response Leverages forensic tool sets to investigate incidents and implements advanced tools to accelerate incident response investigations. Works closely with the SOC, external forensic providers, and internal teams to respond to and remediate security incidents. Reviews compromised systems and environments, partnering with stakeholders to perform root cause analysis, threat identification, containment, eradication, and recovery. Performs postmortem and root cause analysis reviews with stakeholders including engineering teams, leadership, legal, enterprise risk, and associated business partners. Works closely with leadership providing incident details and strategic guidance based on incident outcomes and lessons learned. Continuously improves incident handling tasks, procedures, and documentation. Conducts and supports incident response tabletop exercises. Correlates incident data and Threat Intelligence to identify specific vulnerabilities and make recommendations that enable swift remediation. Emerging Threats Monitoring Obtains information and stays up to date on the latest threats and security trends in a fast and efficient manner to keep organizational environments protected. Researches new TTPs (tactics, techniques, and procedures) threat actors are utilizing to undermine environments of organizations. Leverages Threat Intelligence systems to monitor for emerging threats that may impact the organization. Service Desk and Incident Management Assists in investigation and resolution of security issues. Helps support PagerDuty call trees and escalation procedures. WHO YOU ARE Security MonitoringAbility to: Work with internal stakeholders conducting security monitoring of IDS, SIEM, EDR, Email, Threat Intelligence and Cloud based technologies. Perform security event correlation, triage, and analysis. Apply Threat Intelligence to respond appropriately to security events. Recognize when a network/system/environment has been compromised by an internal or external threat actor. Work on projects to improve security monitoring and response capabilities. Demonstrate strong understanding of defense-in-depth security practices. Utilize strong security engineering and architecture background to employ the most effective and efficient monitoring solutions. Conduct effective communication of security issues to leadership and others. Maintain the security monitoring operational guidelines and standards for security. Incident ResponseAbility to: Perform incident response and forensic activities for internal and external threats. Work with internal teams and external forensic services to respond to incidents. Ensure all identified issues in security are promptly and thoroughly investigated/remediated. Ensure security incidents are documented accurately and holistically. Knowledge, Experience & Qualifications Essential Bachelor of Computer Science degree or related field or equivalent combination of industry related professional experience and education. Working experience with Information Security, Network Security, Security Monitoring, and Incident Response. Working experience with industry standard security technologies and services relating to Threat Intelligence, Firewalls, VPN, IDS, Endpoint Security, Email Security, Proxy, SIEM. Strong experience with event log analysis and correlation. Desirable GSEC, GCIA, GFE, GCFA, CISA, CISSP, CISM, or CIA certification(s Administration, engineering, or architecture background. USD 128,000.00 - 213,500.00 per yearCompensation:Compensation includes a base salary of $128,000.00 - $213,500.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.Benefits:The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, parental leave, and COVID-19 vaccination leave.About Cox AutomotiveAt Cox Automotive, people of every background are driven by their passion for mobility, innovation and community. We transform the way the world buys, sells, owns and uses cars, accelerating the industry with global powerhouse brands like Autotrader, Kelley Blue Book, Manheim and more. What's more, we do it all with an emphasis on employee growth and happiness. Drive your future forward and join Cox Automotive today!About CoxCox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k, and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO For more details on what benefits you may be offered, visit our benefits page (link removed) is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.