Sr. Engineer, Cyber Security
Holley Performance•Nashville, TN
3d
About The Position
THE SENIOR CYBERSECURITY ENGINEER IS RESPONSIBLE FOR DEFINING, IMPLEMENTING, AND CONTINUOUSLY IMPROVING THE SECURITY POSTURE OF HOLLEY’S TECHNOLOGY ENVIRONMENT. THIS ROLE ENSURES THAT SECURITY IS EMBEDDED INTO HOW WE DESIGN, BUILD, AND OPERATE SYSTEMS ACROSS INFRASTRUCTURE, APPLICATIONS, AND CLOUD PLATFORMS. THIS INDIVIDUAL ACTS AS BOTH A TECHNICAL EXPERT AND A STRATEGIC PARTNER, WORKING ACROSS IT, BUSINESS TEAMS, AND EXTERNAL PARTNERS TO PROACTIVELY IDENTIFY RISK, IMPLEMENT EFFECTIVE CONTROLS, AND ENABLE SECURE GROWTH. A KEY FOCUS OF THIS ROLE IS SUPPORTING REGULATORY AND COMPLIANCE INITIATIVES, WHILE ENSURING SECURITY PRACTICES ARE PRACTICAL, SCALABLE, AND ALIGNED TO BUSINESS OBJECTIVES. THE PRIMARY OBJECTIVE: REDUCE RISK, IMPROVE RESILIENCE, AND ENSURE SECURITY IS AN ENABLER—NOT A BLOCKER—TO THE BUSINESS.
Requirements
- 8–12+ YEARS OF EXPERIENCE IN CYBERSECURITY, WITH STRONG HANDS-ON ENGINEERING EXPERTISE.
- EXPERIENCE WORKING WITH MANAGED SECURITY SERVICE PROVIDERS (MSSPS) OR EXTERNAL SECURITY VENDORS.
- DEEP EXPERIENCE ACROSS MULTIPLE SECURITY DOMAINS (NETWORK, ENDPOINT, CLOUD, IDENTITY, APPLICATION SECURITY).
- EXPERIENCE WITH MODERN SECURITY TOOLS (SIEM, EDR, IAM, VULNERABILITY MANAGEMENT PLATFORMS).
- STRONG UNDERSTANDING OF CLOUD SECURITY (AWS PREFERRED; AZURE ACCEPTABLE).
- EXPERIENCE SUPPORTING COMPLIANCE FRAMEWORKS SUCH AS TISAX, SOX, ISO 27001, OR NIST.
- PROVEN ABILITY TO TRANSLATE RISK INTO ACTIONABLE TECHNICAL CONTROLS.
- STRONG ANALYTICAL AND INCIDENT RESPONSE CAPABILITIES.
Responsibilities
- DESIGN AND IMPLEMENT SECURITY SOLUTIONS ACROSS NETWORK, INFRASTRUCTURE, ENDPOINTS, IDENTITY, AND CLOUD ENVIRONMENTS.
- DEFINE AND ENFORCE SECURITY STANDARDS, PATTERNS, AND BEST PRACTICES ACROSS IT.
- EMBED SECURITY INTO SYSTEM DESIGN, APPLICATION DEVELOPMENT, AND INTEGRATION EFFORTS (“SECURE BY DESIGN”).
- PARTNER WITH ALL IT TEAMS TO ENSURE NEW SOLUTIONS MEET SECURITY REQUIREMENTS FROM THE OUTSET.
- EVALUATE EMERGING TECHNOLOGIES AND RECOMMEND IMPROVEMENTS TO STRENGTHEN OVERALL SECURITY POSTURE.
- LEAD ADVANCED THREAT DETECTION AND RESPONSE EFFORTS ACROSS THE ENVIRONMENT.
- OWN AND CONTINUOUSLY IMPROVE INCIDENT RESPONSE PROCESSES, INCLUDING PLAYBOOKS, ESCALATION PATHS, AND POST-INCIDENT REVIEWS.
- CONDUCT ROOT CAUSE ANALYSIS AND ENSURE CORRECTIVE ACTIONS ARE IMPLEMENTED AND SUSTAINED.
- SIMULATE AND TEST RESPONSE READINESS (E.G., TABLETOP EXERCISES, INCIDENT SCENARIOS).
- DRIVE IMPROVEMENTS IN DETECTION COVERAGE, RESPONSE TIME, AND OVERALL RESILIENCE.
- ESTABLISH AND MAINTAIN A RISK-BASED VULNERABILITY MANAGEMENT PROGRAM.
- PRIORITIZE VULNERABILITIES BASED ON BUSINESS IMPACT AND THREAT EXPOSURE—NOT JUST SEVERITY SCORES.
- PARTNER WITH IT TEAMS TO DRIVE TIMELY REMEDIATION AND REDUCE RISK EXPOSURE.
- TRACK AND REPORT ON RISK POSTURE, REMEDIATION PROGRESS, AND OUTSTANDING GAPS.
- PROACTIVELY IDENTIFY SYSTEMIC RISKS AND DRIVE LONG-TERM FIXES.
- PARTNER WITH THE IAM ENGINEER TO STRENGTHEN IDENTITY AND ACCESS MANAGEMENT PRACTICES ACROSS THE ORGANIZATION.
- SUPPORT IMPLEMENTATION OF LEAST PRIVILEGE ACCESS, ROLE-BASED ACCESS CONTROLS, AND PRIVILEGED ACCESS MANAGEMENT.
- ASSIST IN THE ROLLOUT AND GOVERNANCE OF IDENTITY PLATFORMS.
- ENSURE IDENTITY-RELATED CONTROLS ARE INTEGRATED INTO BROADER SECURITY ARCHITECTURE AND OPERATIONS.
- HELP DRIVE ADOPTION OF IAM BEST PRACTICES ACROSS IT AND BUSINESS TEAMS.
- OWN AND OPTIMIZE CORE SECURITY TOOLING (SIEM, EDR, VULNERABILITY SCANNERS, EMAIL SECURITY, NETWORK SECURITY TOOLS).
- ENSURE EFFECTIVE LOGGING, MONITORING, AND ALERTING ACROSS ALL ENVIRONMENTS.
- DRIVE AUTOMATION AND INTEGRATION ACROSS TOOLS TO IMPROVE EFFICIENCY AND RESPONSE TIMES.
- CONTINUOUSLY ASSESS TOOL EFFECTIVENESS—REDUCE NOISE AND IMPROVE SIGNAL.
- PARTNER CLOSELY WITH THE MANAGED SECURITY SERVICES PROVIDER (MSSP) TO ENSURE EFFECTIVE MONITORING, DETECTION, AND RESPONSE.
- ESTABLISH CLEAR ACCOUNTABILITY, SERVICE EXPECTATIONS, AND PERFORMANCE METRICS WITH THE VENDOR.
- CONTINUOUSLY EVALUATE VENDOR PERFORMANCE AND DRIVE IMPROVEMENTS WHERE NEEDED.
- ENSURE SEAMLESS COORDINATION BETWEEN INTERNAL IT TEAMS AND EXTERNAL PARTNERS—NO GAPS, NO DUPLICATION, NO FINGER-POINTING.
- ACT AS THE INTERNAL OWNER OF THE RELATIONSHIP, ENSURING SERVICES ALIGN WITH HOLLEY’S SECURITY PRIORITIES AND RISK POSTURE.
- LEAD AND SUPPORT CYBERSECURITY COMPLIANCE EFFORTS, INCLUDING TISAX, SOX, AND OTHER APPLICABLE FRAMEWORKS.
- TRANSLATE COMPLIANCE REQUIREMENTS INTO PRACTICAL, ENFORCEABLE CONTROLS.
- PARTNER WITH AUDIT AND RISK TEAMS TO PREPARE FOR AND COMPLETE AUDITS SUCCESSFULLY.
- MAINTAIN DOCUMENTATION OF CONTROLS, PROCESSES, AND EVIDENCE.
- ENSURE ONGOING ADHERENCE—NOT JUST POINT-IN-TIME COMPLIANCE.
- ACT AS A TRUSTED ADVISOR ACROSS THE ENTIRETY OF IT
- ENSURE SECURITY IS FULLY INTEGRATED INTO IT PROCESSES, NOT OPERATING AS A SILOED FUNCTION.
- ENABLE TEAMS TO MAKE SECURE DECISIONS WITHOUT SLOWING DOWN DELIVERY.
- SERVE AS THE ESCALATION POINT FOR COMPLEX SECURITY CHALLENGES.
- PROMOTE A CULTURE OF SHARED OWNERSHIP FOR SECURITY ACROSS IT.
- DRIVE INITIATIVES TO IMPROVE OVERALL CYBERSECURITY MATURITY.
- IDENTIFY GAPS IN CURRENT CAPABILITIES AND DEVELOP PLANS TO ADDRESS THEM.
- STAY CURRENT ON EMERGING THREATS, VULNERABILITIES, AND INDUSTRY TRENDS.
- CONTRIBUTE TO BUILDING A SECURITY-FIRST CULTURE ACROSS THE ORGANIZATION.
Benefits
- Competitive medical, dental, and vision coverage starting day one.
- 401(k) with company match
- Paid time off and 9 paid holidays
- Employee Assistance Program (EAP)
- Company-paid life and short-term disability insurance
- Employee discounts on Holley Performance Brands products, events, and partnerships
- Education Assistance program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Number of Employees
501-1,000 employees
