Lead, Cyber Security Engineer
W.W.Williams · Irving, TX · 3 wk ago
Information TechnologyFull-time
Job Duties
- Own, evolve, and communicate the WW Williams Cyber Security roadmap aligned to NIST CSF (Identify, Protect, Detect, Respond, Recover) functions.
- Establish, document, and track security KPIs and KRIs to measure baseline performance, quantify risk reduction, and demonstrate continuous improvement to executive stakeholders.
- Develop and maintain security policies, standards, and procedures in alignment with regulatory requirements and industry frameworks (NIST 800-53, CIS Controls).
- Lead periodic cyber security maturity assessments; produce gap analyses with prioritized remediation roadmaps.
- Manage relationships with MSSPs, vendors, and third-party assessors; conduct vendor security reviews.
- Develop and implement threat detection strategies, including correlation rules and playbooks to minimize MTTD and MTTR.
- Lead incident response activities including containment, eradication, forensic investigation, and post-incident review (PIR).
- Maintain threat intelligence feeds; translate threat actor TTPs (MITRE ATT&CK) into actionable defensive controls.
- Conduct adversarial simulation exercises (purple team / tabletop) to validate detection and response capabilities.
- Administer and optimize advanced endpoint detection and response (EDR/XDR) platforms; enforce next-generation antivirus (NGAV) and behavioral anomaly detection policies.
- Manage Field Effect Covalence (MDR) or equivalent managed detection and response solution; triage and act on platform alerts in concert with the SOC.
- Oversee network security architecture including firewall rule-set management, IDS/IPS tuning, micro-segmentation, and zero-trust network access (ZTNA) initiatives.
- Govern cloud security posture (CSPM) across Azure/AWS/GCP environments; enforce least-privilege IAM, secrets management, and cloud-native security controls.
- Administer the KnowBe4 Security Awareness Training & Simulated Phishing platform; design targeted campaigns, track click-rate metrics, and report on risk reduction over time.
- Drive a measurable reduction in human-layer risk through role-based training curricula, phishing simulations, and coaching for repeat offenders.
- Serve as the internal security advocate; communicate risk in business terms to non-technical audiences including C-suite and field operations.
- Own the full vulnerability management lifecycle: scan, prioritize (CVSS + business context), remediate, and verify closure within SLA.
- Manage patch management cadences across servers, endpoints, OT/IoT-adjacent systems, and network devices.
- Champion secure-by-design principles; conduct security design reviews and code-level assessments for internally developed applications.
- Maintain a risk register and communicate residual risk posture to leadership on a regular cadence.
- Govern privileged access management (PAM), MFA enforcement, and identity lifecycle processes in Active Directory / Azure AD / Entra ID.
- Implement and maintain data loss prevention (DLP) controls; classify and protect sensitive business data across storage, transit, and endpoint.
- Oversee email security stack (anti-phishing, DMARC/DKIM/SPF, secure email gateway) and web proxy / DNS filtering.
Work Experience And Required Qualifications
- 8–10+ years of progressive, hands-on cyber security engineering experience in enterprise environments.
- Demonstrated experience building or maturing a security program against a recognized framework (NIST CSF, NIST 800-53, CIS Controls, or ISO 27001).
- Proven ability to define security baselines, measure current-state maturity, and track improvement over time using quantitative metrics.
- Hands-on experience with KnowBe4 (administration, campaign design, reporting).
- Hands-on experience with Field Effect Covalence, CrowdStrike Falcon, SentinelOne, Microsoft Defender XDR, or comparable MDR/XDR solutions.
- Strong working knowledge of SIEM platforms (Microsoft Sentinel, Splunk, or equivalent); ability to write detection rules and build dashboards.
- Strong understanding of network security principles: firewalls, IDS/IPS, NAC, VPN, ZTNA, and network traffic analysis.
- Experience managing vulnerability scanners (Tenable Nessus / Security Center, Qualys, or Rapid7 InsightVM).
- Proficiency with cloud security in at least one major cloud provider (Azure preferred); understanding of shared-responsibility model and CSPM tools.
- Strong written and verbal communication skills; able to produce board-ready risk reports and technical runbooks alike.
Preferred Qualifications
- CISSP, CISM, or GIAC certifications (GCIA, GCIH, GPEN).
- Scripting/automation skills (Python, PowerShell, KQL).
- Familiarity with OT/ICS security considerations.
- Purple team / adversary emulation experience (MITRE ATT&CK).
- PAM tooling (CyberArk, BeyondTrust, or Delinea).
- SOX 2 Type II, CMMC, or PCI-DSS compliance exposure.