Senior Security Engineer

Genuine Parts Company – Enterprise Security Team – North America

Genuine Parts Company (GPC) is a service organization engaged in the sale and distribution of automotive replacement parts, industrial replacement parts, and electrical/electronic materials. In North America alone, our products and services are offered through a network of over 6,000 retail locations. Globally, GPC has business operations in North America, Europe, and the Asia Pacific region.

Job Description

The Security/Sr. Security Product Engineer is a security practitioner with a development background. The security engineer will work with developers to secure and update our current single sign on application that supports 53 applications through the entire SDLC process. The security engineer will assist in moving the current identity applications to more modern toolset while securing the application through the migration. Changes to the current application will also need to be reviewed for security issues and vulnerabilities. The security product engineer will work to achieve the GPC Identity and access management requirements and will be instrumental in helping us improve GPC Identity and access management. The Security Engineer serves as a bridge between the software development, cyber security, infrastructure, and operations teams. This role uses a collaborative approach to identify and optimize the interdependencies between these teams, from a cyber security, compliance, and risk perspective.

The current identity application is a critical application and must be ensured running on a daily basis. This involves validating the operations with the development team and ensuring any operational changes do not compromise the security of the application. Participating and facilitating IT operations calls will be necessary.

The security product engineer will work with onshore development leads and offshore developers.

Responsibilities

• Understanding of security solutions providing single sign on (SSO)
• Identifies interdependencies and productivity barriers between the software development, infrastructure, cyber security, and operations teams.
• Familiar with the use of Jira, GitHub and ServiceNow to facilitate issue review
• Creates security & architectural diagrams, design specifications, and support documentation.
• Assists in application & infrastructure integration on multi-platform systems from a cyber security perspective.
• Assists in the development, support, planning, & hardening of systems and applications infrastructure.
• Understands security & firewall implications on designs.
• Understanding of full stack design, and OWASP Top 10 security.
• Manages team of development/support contractors.
• Ensures solutions being evaluated and implemented are compliant with PCI-DSS, NIST, CCPA, and GPC Enterprise Security.
• Reviews changes to the infrastructure for potential impact to the protection of critical assets.
• Experience in software development in languages Java/JavaScript.
• Experience with .NET and SQL databases.

Qualifications

• Bachelor’s Degree, or the equivalent combination of education, technical training, or work/military experience.
• Preferred years of experience is 3-5 working in an enterprise level infrastructure or application project team.
• Experience facilitating End User Technology and Security projects for a Fortune-500 company.
• Excellent communications skills to effectively information share with project team members and senior managers.
• Be available to work outside of the traditional hours and days to facilitate project or issue events when required.
• Can effectively work with diverse project team members and be able to instill a unified drive to achieve project objectives and milestones.
• Skilled in conceptualizing creative solutions, documenting them, and presenting/selling them to senior management.
• Preferred certifications: CISSP, CISA, PMP, other Security or Audit related Certifications
• Demonstrated ability to work independently and with others.
• Proficiency with Microsoft Office 365 suite and applications (Word, PowerPoint, Excel, Outlook, SharePoint,, Visio, Teams).
• Strong analytical, technical, and problem-solving skills.
• Innovative, creative, and extremely responsive, with a strong sense of urgency.
• Willing to share knowledge and assist others in understanding technical and business topics.
• Ability to interpret information security data and processes to identify potential compliance issues.
• Ability to quickly understand security systems to identify and validate security requirements.
• Understanding of auditing information systems.
• Experience with SSO and Identity application support.
• Experience with the overall software development lifecycle
• Strong interpersonal and communication skills to work with development, infrastructure, and operations teams.
• Understanding of cloud-based application integrations and software as a service implementation.

LICENSES & CERTIFICATIONS: CISSP or CISM desired but not required