Cybersecurity Engineer

Overview:

We are actively seeking a highly skilled Cybersecurity Engineer possessing 5+ years of progressive experience managing significant information security platforms, with CISA or CISSP preferred. Candidates should live within a commutable distance to our headquarters in Lexington, Kentucky.

Why Gray?

Gray is a fully integrated, global service provider deeply rooted in engineering, design, and construction, along with smart manufacturing and equipment manufacturing services. Consistently ranked as a leader in the industry, we focus on the following markets for domestic and international customers: Food & Beverage, Manufacturing, Data Centers, Distribution, and Advanced Technology.

Founded in 1960, Gray's robust offering enables us to create one-of-a-kind solutions at the highest levels of customization, delivering unmatched precision and partnership to some of the world's most sophisticated organizations. Still, these areas don't define Gray—our people do. Passion, commitment, and a great team spirit all speak to the team members at Gray.

Responsibilities:

Position Summary

The Cybersecurity Engineer plays a pivotal role in safeguarding Gray's information assets and infrastructure from evolving cyber threats. Leveraging your experience and in-depth knowledge of information security principles and control processes, you will assist the Director, Information Security in the development, execution, and implementation of the cybersecurity roadmap to ensure consistent, appropriate information security controls are in place and effective across the Gray family of brands.

This role is the information security engineering subject matter expert for Gray and will provide cybersecurity expertise and leadership in the design, evaluation, configuration, and implementation of the IT infrastructure security controls and platforms. As a Cybersecurity Engineer, you will be a key technical resource to both technical and non-technical stakeholders, ensuring that controls are appropriate and correctly implemented. This position offers an exciting opportunity to contribute to the development and execution of Gray's information security strategy and the architecture and configuration of security platforms and controls.

What we expect… (Essential Functions)

• Serve as technical subject matter expert for the design, configuration and operation of security aspects of Gray's IT infrastructure components, ensuring they are maintained in accordance with Gray specifications, control frameworks such as ISO27001, NIST CSF, SP800-171, CMMC, and industry best practices.
• Participate in technology and security roadmap decisions, providing architectural guidance for systems that best fit into Gray's overall IT strategy and business needs.
• Work closely with the IT Operations team to drive the secure implementation, configuration, and maintenance of Gray's IT platforms and application components such as Microsoft Azure, Microsoft365, Egnyte, and Gray SaaS, IaaS, and PaaS environments.
• Perform monitoring and security control testing of systems and resources to ensure ongoing compliance to standards for secure operations.
• Assess, track, report, and remediate any security exceptions and incidents as they arise.
• Correlate activity across the Gray IT ecosystem to identify unauthorized activity.
• Provide cybersecurity incident response support, including detection and analysis, mitigating activities, and facilitating forensics analysis when necessary.
• Research and stay informed of potential information security threats, industry trends, emerging technologies, and response alternatives.
• Perform additional duties as needed.

Qualifications:

Who we want… (Requirements)

The Cybersecurity Engineer has an analytical mind and a detailed understanding of security methodologies. Security Engineers are expected to have a meticulous attention to detail, outstanding problem-solving skills, work comfortably under pressure, and deliver on tight deadlines. In addition:

• Certified Information Systems Security Professional (CISSP) or Certified Information Security Analyst (CISA) preferred.
• 5+ years of work experience managing information security platforms and tools.
• Knowledge of information security standards, data privacy laws, security frameworks.
• Demonstrated experience managing incident detection, incident response, and forensics activities.
• Possess a strong foundation in networking and server, and cloud operating environments and security configurations, penetration testing, and incident response, coupled with hands-on experience in managing security infrastructure components.
• Expertise in incident response processes and tools to detect, analyze, respond, and contain cyber security threats.
• Significant awareness of cybersecurity trends and attacker tactics and techniques.
• Outstanding analytical, problem-solving, oral, and written communication skills as well as excellent judgment and self-motivation.
• Proficiency in problem-solving, analytical thinking, and penetration testing and vulnerability scanning methodologies.
• Ability to react quickly, decisively, and deliberately in high-stress, high-impact situations.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Ability to effectively influence others to modify their opinions, plans or behaviors.
• Must have a willingness to educate fellow team members, have patience and the capability to provide support as necessary.
• Must be well organized, efficient, detail-oriented, and able to work independently as well as a member of a team.

Physical Demands & Work Environment

The physical demands described here are representative of those that must be met by a team member to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this position, the team member is frequently required to stand, walk, sit, use hands, reach with hands or arms and talk or hear. They may occasionally be required to climb or balance, stoop, kneel, or crouch. Must occasionally lift and/or move up to 50 pounds. Specific vision abilities required include close vision.

Generally, normal office environment where noise level is moderate and temperature/humidity is controlled. Overtime may be required.

Supervisory Responsibilities

This position does not have any supervisory responsibilities.

EEO Disclaimer

Gray is proud to be an Equal Opportunity Employer and welcomes everyone to apply. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, or protected veteran status and will not be discriminated against on the basis of disability.