Position Overview
The Senior Cybersecurity Engineer leads enterprise security operations, incident response, and technical security engineering across all Spotless Brands (Cobblestone, Flagship, Okie Auto Wash, Ultimate Shine). This role owns the organization’s security architecture, tooling, and roadmap, driving advancement of the company’s cybersecurity maturity aligned to the NIST Cybersecurity Framework (CSF) toward Tier 3.
This position partners closely with Infrastructure and IT teams to ensure security is embedded across all systems and initiatives, while mentoring junior cybersecurity resources and strengthening overall program effectiveness
Essential Functions (Other Duties as Assigned)
- Lead enterprise security operations, including threat detection, incident response, and forensic investigations; act as primary owner for all security incidents and coordinate response across IT and business stakeholders
- Own the cybersecurity roadmap, remediation plan, and risk register; drive continuous improvement aligned to the NIST Cybersecurity Framework (CSF) and report regularly on security posture and risk to leadership
- Own and execute the vulnerability management program end-to-end, prioritizing remediation based on risk and partnering with infrastructure teams to ensure timely closure
- Design, implement, and maintain security controls across identity, endpoint, network, and data environments; ensure security requirements are integrated into all infrastructure and application changes
- Own security architecture decisions and ensure alignment with business strategy and evolving threat landscape
- Own and manage security platforms, including Microsoft Defender, Purview, DLP, EDR, and identity protection; continuously evaluate and implement tools to improve visibility, detection, and response
- Lead the selection, implementation, and ongoing ownership of centralized monitoring and alert correlation capabilities
- Support and drive compliance initiatives (SOC 2, PCI-DSS, cyber insurance) by ensuring security controls meet regulatory and audit requirements
- Own the enterprise security awareness program, including training strategy, phishing simulations, and ongoing performance improvement based on user risk trends
- Report security awareness metrics, phishing results, and overall organizational risk posture to leadership on a regular basis
- Plan and conduct incident response tabletop exercises; document findings and ensure remediation of identified gaps
- Mentor and develop junior cybersecurity resources while building documentation, processes, and operational playbooks to scale the security function
Education and Experience
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field; equivalent professional experience considered in lieu of degree
- 5+ years of progressive cybersecurity experience, including hands-on security engineering, incident response, and vulnerability management
- Demonstrated experience leading a security program or maturity initiative aligned to a recognized framework (NIST CSF, ISO 27001, or similar)
- Relevant certifications preferred: CISSP, CISM, GSEC, GCIH, or equivalent
- Experience with Microsoft security stack (Defender for Office 365, Purview, Entra ID/Conditional Access, EDR, DLP) and multi-site/multi-brand environments preferred
Knowledge, Skills, and Abilities
- Strong knowledge of the NIST Cybersecurity Framework (CSF) and ability to translate a maturity gap assessment into an executable, prioritized roadmap
- Hands-on technical proficiency in identity protection, endpoint detection and response (EDR), data loss prevention (DLP), and email security platforms
- Ability to design and implement technical security controls and integrate security requirements into infrastructure and application changes
- Experience leading incident response and forensic investigations, including planning and facilitating tabletop exercises
- Working knowledge of compliance and audit frameworks (SOC 2, PCI-DSS) and cyber insurance requirements
- Strong written and verbal communication skills; able to translate technical risk into business terms for non-technical stakeholders and leadership
- Ability to mentor junior staff while independently owning a technical program with minimal day-to-day oversight
Physical Requirements:
- Approximately 10% travel to brand/site locations for security assessments, incident response, or tabletop exercises
- Ability to respond to critical (P1) security incidents outside standard business hours as needed
This job description in no way states or implies that these are the only duties to be performed by the employee(s) in this position. Employee(s) will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments.
All duties and responsibilities are essential job functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the incumbent(s) will possess the skills, aptitudes, and abilities to perform each duty proficiently. The requirements listed in this document are the minimum levels of knowledge, skills, and abilities.
Spotless Brands and its subsidiaries comply with federal and state disability laws and make reasonable accommodation for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or recruitment process, please contact the Human Resources department and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Human Resources team will respond to your email promptly.
Spotless Brands and its affiliate brands are Equal Employment Opportunity (EEO) employers. Spotless Brands invites all qualified interested applicants to apply for career opportunities. It is the policy of the company to provide equal opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran, disabled status or any other protected group status as defined by and subject to applicable federal, state and local laws. We use E-Verify to check employment eligibility: https://www.everify.gov/sites/default/files/everify/posters/EVerifyParticipationPoster.pdf and https://www.e-verify.gov/sites/default/files/everify/posters/IER_RightToWorkPoster%20Eng_Es.pdf