CYBER SECURITY ENGINEER REPORTS TO IT DIRECTOR
STATUS EXEMPT
Summary --------
Boot Barn is where community comes first. We thrive on togetherness, collaboration, and belonging. We build each other up, listen intently, and implement out-of-the-box ideas. We celebrate new innovations, congratulate one anothers achievements, and most importantly, support each other. At Boot Barn, we work together to make a positive impact on the world around us, and by working collectively with encouragement, we consider ourselves Partners.
Our vision is to offer everyone a piece of the American spirit - one handshake at a time. The Cyber Security Engineer is responsible for designing, implementing, and continuously improving Boot Barns information security program. This role protects enterprise systems and cloud environments, including Azure, Microsoft 365, and AWS, while helping mature the organizations overall security posture.
Essential Duties and Responsibilities ------------------------------------
• Operate and optimize security platforms, including CrowdStrike, Microsoft SIEM, Nessus, and SquareX. • Monitor, investigate, and respond to security alerts, incidents, and potential threats. • Perform log analysis and SOC-style monitoring as needed. • Lead vulnerability management activities, including scanning, prioritization, remediation, tracking, and reporting. • Conduct quarterly phishing campaigns and report metrics and trends. • Lead weekly security meetings and provide insight from prior-week security events. • Conduct quarterly tabletop exercises in coordination with the IT Director. • Implement cloud security hardening, monitoring, and best practices across Azure, Microsoft 365, and AWS. • Design and maintain security controls for cloud identity, logging, networking, and data protection. • Map NIST 800-53, PCI-DSS 4.0, and SOX controls to organizational policies and technical controls. • Manage and maintain a centralized Controls Library to support audits and compliance efforts. • Partner with IT and Infrastructure teams to remediate security findings. • Develop and maintain security standards, procedures, and documentation. • Provide security guidance and awareness to technical teams and business stakeholders. • Help mature the overall security department and enterprise security program. • Stay current with emerging threats and regulatory requirements.
Professional Requirements -------------------------
• Demonstrates high level of quality work, attendance, and appearance. • Demonstrates high degree of professionalism in communication, attitude, and teamwork with customers, peers, and management. • Adheres to all local, federal, and state laws, in addition to Company policies, procedures, and practices. • Performs any other duties that may be assigned by management.