Springs Window Fashions is hiring for a Senior IT Security Engineer based in our Middleton, WI corporate headquarters.

This is an onsite role, fully remote is not an option.

Springs Window Fashions has been part of the window treatments industry since 1939. Headquartered in Middleton WI, we have over 8,000 associates and 18 locations worldwide. Our products are available in nearly every major retailer, in thousands of designer showrooms and showcased in large commercial buildings. Our company is privately owned with products marketed across a broad portfolio of brands including Bali, Graber, SunSetter and Mecho. We pride ourselves as The Best Experience Company, striving to provide the best experience for our consumers, channel partners, and associates.

Job Summary

Springs Window Fashions is seeking a highly motivated Senior IT Security Engineer to join our IT Security Team. As a lead specialist you will be leading various security programs and mentor other Security Engineers. This position will be responsible for implementing and managing all aspects of Cyber Security. As such, you must have a strong & proven technical background and leverage it to become a trusted Security Expert in the Company.

We are looking for a Senior IT Security Engineer who can design, define, and execute the security architecture, standards, configuration, and monitoring of services & technologies at Springs. You will be working with a talented team of associates with a shared mission to make Springs secure and drive our cybersecurity success under the direction of Springss Director of IT Infrastructure and Security.

The Senior IT Security Engineer will provide several core functions for the enterprise including identification, investigation, and resolution of potential security incidents. They will Serve as the first line of defense against threat vectors, prevent network breach and data loss, and minimize the impact on business operations. This role will participate in the creation and or maintenance of policies, security metrics, standards, baselines, guidelines, and procedures as well as conducting vulnerability assessments and disaster recovery planning. They will handle day-to-day security vendor relationships and work closely with all security service providers. They lead the charge and champion compliance and framework adherence for the IT department.

Job Duties

• Planning and design of enterprise security functions under the direction of senior IT leadership, where appropriate
• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures (GRC))
• Develop and report key security metrics
• Participate in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan, under the direction of the Business Continuity and Disaster Recovery Teams, where appropriate.
• Security Awareness: Develop content for organization wide and targeted security awareness training. Present relevant information security topics through a variety of forums depending on the audience.
• Compliance planning and implementation with focus on PCI-DSS and SOX.
• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Lead or manage technical system security audit efforts by working with Compliance Team members.
• Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
• Lead the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating practices and in compliance with the enterprises security documents.
• Ensure that up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.) are maintained.
• Monitor all in-place security solutions for efficient and appropriate operations.
• Review logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution.
• Participate in investigations into problematic activity.
• Perform real-time proactive security monitoring, detection and response to security events and incidents within the enterprise network.
• Participate and or lead in the design and execution of vulnerability assessments, penetration tests and security audits.
• Working technical knowledge of vulnerability and port scanning, data loss prevention, email gateways, Web Gateways, web proxies, URL filtering, anti-virus and other standard security monitoring/management tools.
• Other duties as assigned

Education and Experience

* Bachelors degree and 3 years of equivalent work experience

* The following certifications are recommended. Ability to obtain CISM or CISSP with 6 months of employment.

• CISM
• CISSP
• GIAC Security Essentials (GSEC)
• GIAC Information Security Fundamentals (GISF)

This position has 24/7 responsibility for key IT Security equipment. Must be willing to respond to incident detection and security-based outages 24/7

Preferred Experience

• Experience with Security as a Service providers
• Experience with Python, Perl, Ruby or PowerShell
• Experience with Automation (Puppet, Chef, Ansible, etc.)
• Network Security: Firewall, IDS/IPS and threat protection administration
• Experience with CrowdStrike EDR, Spotlight, Logscale, Identity protection
• Experience with identity management and zero trust identity
• Experience with cloud security technologies

Behavioral Competencies

• Ensures Accountability Holding self and others accountable to meet commitments
• Drive Engagement Creating a climate where people are motivated to do their best to help the organization achieve its objectives
• Instill Trust Gaining the confidence and trust of others through honesty, integrity, and authenticity
• Drive Results Consistently achieving results, even under tough circumstances
• Consumer/Customer Focus Building strong customer relationships and delivering on customer-centric solutions
• Critical Thinking Making Sense of complex, high quantity, and sometimes contradictory information to effectively solve problems
• Being Resilient Rebounding from setbacks and adversity when facing difficult situations
• Optimize Work Processes Knowing the most effective and efficient processes to get things done, with a focus on continuous improvement