SR Cybersecurity Engineer
The Senior Cybersecurity Engineer is responsible for establishing and operating cybersecurity controls across a fragmented technology environment spanning cloud infrastructure, enterprise applications, endpoint platforms, and customer-facing systems. The business spans manufacturing, distribution, field service, and customer-facing software products, with global engineering teams building and maintaining proprietary software for the car wash technology space.
This role will operate independently to identify, prioritize, and resolve the most critical security risks. Initial focus areas include identity and access control, including the development of role-based access models, and targeted vulnerability reduction. The position must work across Infrastructure, Technology Operations, Enterprise Applications, and Engineering teams where ownership is not always clearly defined.
This is a hands-on role focused on execution and risk reduction. The role reports directly to the CIO and operates with executive backing to drive remediation and enforce standards across the organization. It is not a compliance or consulting role. It is expected to prioritize and sequence work across identity, vulnerability management, incident response, and tooling, focusing first on the highest-risk areas and expanding coverage over time.
Responsibilities:
Operational Prioritization and Risk Ownership
Assess security risks across cloud, endpoint, network, and enterprise application environments.
Identify and prioritize the most critical risks, including access sprawl, cloud exposure, and unremediated vulnerabilities.
Focus efforts on high-impact risk reduction in prioritized areas of the environment.
Identity and Access Control
Establish and enforce access request and approval processes across systems
Define and implement practical access control standards across:
o Azure/Entra ID
o Enterprise business systems and applications
Develop and implement role-based access control (RBAC) models, beginning with core business roles and extending across systems.
Reduce over-permissioning and address fragmented access models
Implement controls for contractor and vendor access
Conduct access reviews and ensure remediation is completed
Vulnerability Management and Remediation
Review and prioritize vulnerabilities identified across cloud, endpoint, and infrastructure environments
Identify vulnerabilities that represent real business risk and focus remediation accordingly
Drive remediation across Infrastructure, Enterprise Applications, and Engineering teams
Execute remediation directly where ownership is unclear or action is delayed
Establish practical tracking and accountability for vulnerability remediation
Incident Response and Security Operations
Act as the primary internal owner for security incidents and alerts
Coordinate with external security monitoring and response providers and internal logging platforms
Define and enforce severity levels and escalation paths
Lead response to high-severity incidents and execute containment actions as needed
Ensure incidents are actively managed and resolved across teams
Security Tooling Ownership and Optimization
Own the effectiveness of security tooling across endpoint, cloud, network, and monitoring domains
Improve configuration and effectiveness of existing tools in priority areas
Identify gaps, overlaps, and opportunities for rationalization across the security stack
Ensure tooling is aligned to risk reduction and not solely reporting
Data Protection and Information Governance
Support the phased implementation of data protection capabilities, including data loss prevention and data classification
Contribute to the development and refinement of policies and controls for sensitive data handling
Assist in establishing processes for alert triage, escalation, and exception handling related to data protection controls
Support investigations and information discovery activities as needed
Collaborate with stakeholders to promote appropriate data handling practices and reduce risk over time
Cross-Functional Execution and Security Input
Work across Infrastructure, Enterprise Applications, and Engineering teams to resolve security risks and vulnerabilities
Drive accountability for remediation and control adherence without relying on formal authority
Enforce security standards and remediation expectations across teams with executive backing
Provide practical security input into system design, integrations, and platform changes across cloud and customer-facing systems
Step in to resolve issues that lack clear ownership or stall across teams
Qualifications:
Education and Formal Training:
Bachelor's degree in Information Security, Information Technology, Computer Science, or a related field preferred
Relevant certifications such as Security+, CISSP, Azure Security Engineer, or similar are a plus but not required
Experience:
5-8 years of hands-on cybersecurity experience across multiple domains such as identity and access, endpoint security, cloud security, or security operations
Experience operating in mid-maturity or fragmented environments with mixed security tooling and unclear ownership
Experience with Microsoft security and identity platforms, including Azure / Entra ID
Experience with endpoint security and cloud security tools
Familiarity with SIEM, logging, and managed detection and response (MDR) environments
Working knowledge of network security concepts and controls
Preferred experience supporting enterprise business systems and customer-facing platforms
Preferred exposure to data protection capabilities such as DLP, classification, or information governance
Preferred experience supporting environments with mixed device management and third-party service providers
We offer a 100% employer-paid medical plan. Other optional benefit programs are available to our employees and their families, which include: 401(k) match, additional medical plans, dental, vision, flex spending account, short-term and long-term disability, and life insurance coverage.
