Holman is a family-owned, global automotive services organization anchored by our deeply rooted core values and principles that have enabled us to continue Driving Whats Right throughout the last century Our teams deliver the Holman Experience by treating our customers and each other as we would like to be treated, and creating positive, rewarding relationships all around.
The automotive markets Holman serves include fleet management and leasing; vehicle fabrication and upfitting; component manufacturing and productivity solutions; powertrain distribution and logistics services; commercial and personal insurance and risk management; and retail automotive sales as one of the largest privately owned dealership groups in the United States.
Holman a Computerworld 2024 Best Places to Work in IT company - is hiring a Security Analyst II for a fully remote opportunity.
Responsibilities
Monitors and responds to escalated security alerts.
Implements processes to ensure all security monitors are operational.
Supports and mentors junior staff in alert analysis and incident investigations.
Leads analysis of security events to determine their nature, severity, and potential impact on the organization.
Escalates based on impact and severity of alerts, works collaboratively with others to investigate and respond to higher priority alerts in a timely manner.
Develops documentation of incident details, investigation findings, and response actions taken for future reference and analysis.
Creates security operations controls, playbooks, procedures and guidelines.
Performs investigation and responds to alerts generated by Security Operations tooling such as IDS/IPS, SIEM, Web Proxy technologies through the entire Incident Response life-cycle.
Oversees documentation of incident details, investigation findings, and response actions taken for future reference and analysis.
Interacts with internal IT and business partners, legal, security, and outside agencies during incident investigations.
Work collaboratively with other members of the SOC team to investigate and respond to security incidents in a timely manner.
Implements, develops and enhances SIEM, IDS/IPS, Proxy, EDR/XDR, Vulnerability Management and other security solutions.
Recommends and applies adaptive security measures based on investigative findings and threat monitoring.
Advises management on best practices, current trends, and pertinent changes in internal/external threats and opportunities for improvement. Presents action plans for implementation and approval
Stays current on best practices, current trends,and pertinent changes in internal/external threats and opportunities in atimely and anticipatory manner. Advises management on key findings.
Performs all other duties and special projects as assigned.
Relevant Experience
4-7 years of combined Information Security and Technical Administration Experience.
Experience developing security controls for Iaas, PaaS, SaaS and traditional infrastructure and applications.
Strong familiarity of fundamental and operational concepts in information security, including network security, encryption, authentication, and incident response.
Experience with common security technologies and tools, such as SIEM platforms, firewalls, intrusion detection/prevention systems, and endpoint security solutions.
Strong working knowledge of networking protocols, TCP/IP, and operating systems (Windows, Linux).
Demonstrated use of security defensive frameworks such as CIS Top 20 Controls, CIS Hardening Standards, NIST SP 800-53, OWASP and MITRE ATT&CK
Familiarity with apply scripting languages into security operations procedures and investigations (examples in Python or PowerShell).
Strong working knowledge of networking, systems management, operating systems, and cloud security.
Education and/or Training
Bachelors degree in Computer Sciences, Information Security, or equivalent work experience.
Security certifications such as Security+/GSEC/CISSP/other GIAC or advanced technical certifications are a plus but not required.
#LI-FB1
#LI-REMOTE