Lead, Cyber Security Engineer

W.W.Williams Company
Irving, United States of America
7 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Irving, United States of America

Tech stack

Access Network
Microsoft Active Directory
Amazon Web Services (AWS)
Proxy Servers
Azure
Cloud Computing Security
Computer Security
Digital Assets
DomainKeys Identified Mail (DKIM)
Domain-Based Message Authentication Reporting and Conformance (DMARC)
DNS
Identity and Access Management
Networking Hardware
Intrusion Detection and Prevention
Intrusion Detection Systems
Virtual Private Networks (VPN)
Python
Key Management
Network Security
Network Forensics
Network Segmentation
PCI Data Security Standards
Performance Tuning
PowerShell
Phishing
Kusto Query Language
Zero Trust Network Access
Secure Coding
Security Information and Event Management
Software Vulnerability Management
Scripting (Bash/Python/Go/Ruby)
CyberArk
MITRE ATT&CK
MTTR
Cyber Threat Analysis
Firewalls (Computer Science)
Tenable Nessus
Patch Management
Microsoft Sentinel
CIS Benchmarks
Purple Team (Cyber Security)
Splunk
SentinelOne Expertise
Qualys
Vulnerability Analysis

Job description

The Lead, Cyber Security Engineer is a senior individual-contributor and team-lead role responsible for owning the end-to-end cyber security program at WW Williams. Reporting to the CIO and based in the Dallas, Texas metro area, this hybrid role requires both strategic vision and deep technical execution. The successful candidate will establish measurable security baselines, drive the organization toward NIST Cybersecurity Framework (CSF) maturity, and act as the primary defender of WW Williams' digital assets across all business units.

Security Program Leadership & Governance

  • Own, evolve, and communicate the WW Williams Cyber Security roadmap aligned to NIST CSF (Identify, Protect, Detect, Respond, Recover) functions.
  • Establish, document, and track security KPIs and KRIs to measure baseline performance, quantify risk reduction, and demonstrate continuous improvement to executive stakeholders.
  • Develop and maintain security policies, standards, and procedures in alignment with regulatory requirements and industry frameworks (NIST 800-53, CIS Controls).
  • Lead periodic cyber security maturity assessments; produce gap analyses with prioritized remediation roadmaps.
  • Manage relationships with MSSPs, vendors, and third-party assessors; conduct vendor security reviews.

Threat Detection, Incident Response and Threat Intelligence

  • Develop correlation rules and playbooks to minimize mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR).
  • Lead incident response activities including containment, eradication, forensic investigation, and post-incident review (PIR).
  • Maintain threat intelligence feeds; translate threat actor TTPs (MITRE ATT&CK) into actionable defensive controls.
  • Conduct adversarial simulation exercises (purple team / tabletop) to validate detection and response capabilities.

Endpoint, Network & Cloud Security

  • Administer and optimize advanced endpoint detection and response (EDR/XDR) platforms; enforce next-generation antivirus (NGAV) and behavioral anomaly detection policies.
  • Manage Field Effect Covalence (MDR) or equivalent managed detection and response solution; triage and act on platform alerts in concert with the SOC.
  • Oversee network security architecture including firewall rule-set management, IDS/IPS tuning, micro-segmentation, and zero-trust network access (ZTNA) initiatives.
  • Govern cloud security posture (CSPM) across Azure/AWS/GCP environments; enforce least-privilege IAM, secrets management, and cloud-native security controls.

Security Awareness & Human-Layer Defense

  • Administer the KnowBe4 Security Awareness Training & Simulated Phishing platform; design targeted campaigns, track click-rate metrics, and report on risk reduction over time.
  • Drive a measurable reduction in human-layer risk through role-based training curricula, phishing simulations, and coaching for repeat offenders.
  • Serve as the internal security advocate; communicate risk in business terms to non-technical audiences including C-suite and field operations.

Vulnerability Management & Secure Development

  • Own the full vulnerability management lifecycle: scan, prioritize (CVSS + business context), remediate, and verify closure within SLA.
  • Manage patch management cadences across servers, endpoints, OT/IoT-adjacent systems, and network devices.
  • Champion secure-by-design principles; conduct security design reviews and code-level assessments for internally developed applications.
  • Maintain a risk register and communicate residual risk posture to leadership on a regular cadence.

Identity, Access & Data Protection

  • Govern privileged access management (PAM), MFA enforcement, and identity lifecycle processes in Active Directory / Azure AD / Entra ID.
  • Implement and maintain data loss prevention (DLP) controls; classify and protect sensitive business data across storage, transit, and endpoint.
  • Oversee email security stack (anti-phishing, DMARC/DKIM/SPF, secure email gateway) and web proxy / DNS filtering.

Requirements

Do you have experience in Zero Trust security?

  • 8-10+ years of progressive, hands-on cyber security engineering experience in enterprise environments.
  • Demonstrated experience building or maturing a security program against a recognized framework (NIST CSF, NIST 800-53, CIS Controls, or ISO 27001).
  • Proven ability to define security baselines, measure current-state maturity, and track improvement over time using quantitative metrics.
  • Hands-on experience with KnowBe4 (administration, campaign design, reporting) or equivalent security awareness platforms.
  • Hands-on experience with Field Effect Covalence, CrowdStrike Falcon, SentinelOne, Microsoft Defender XDR, or comparable MDR/XDR solutions.
  • Strong working knowledge of SIEM platforms (Microsoft Sentinel, Splunk, or equivalent); ability to write detection rules and build dashboards.
  • Solid understanding of network security principles: firewalls, IDS/IPS, NAC, VPN, ZTNA, and network traffic analysis.
  • Experience managing vulnerability scanners (Tenable Nessus / Security Center, Qualys, or Rapid7 InsightVM).
  • Proficiency with cloud security in at least one major cloud provider (Azure preferred); understanding of shared-responsibility model and CSPM tools.
  • Strong written and verbal communication skills; able to produce board-ready risk reports and technical runbooks alike.

  • CISSP, CISM, or GIAC certifications (GCIA, GCIH, GPEN)
  • Experience with Microsoft Sentinel & Defender 365 ecosystem
  • Scripting/automation skills (Python, PowerShell, KQL)
  • Familiarity with OT/ICS security considerations
  • Prior experience in distribution, logistics, or field-service industries
  • Purple team / adversary emulation experience (MITRE ATT&CK)
  • PAM tooling (CyberArk, BeyondTrust, or Delinea)
  • SOC 2 Type II, CMMC, or PCI-DSS compliance exposure

Benefits & conditions

Pulled from the full job description

  • Paid training
  • Referral program
  • Health insurance
  • 401(k) matching
  • Paid time off
  • Vision insurance
  • Dental insurance

  • 8 Paid Holidays & 1 Paid Wellness Day
  • Paid Time Off
  • Employee Referral Bonus Program
  • Medical, Dental & Vision Insurance
  • 401k with a Company Match
  • Company Paid Training
  • Growth & Leadership Opportunities

About the company

W.W. Williams was founded in Columbus, Ohio, in 1912. Today The W.W. Williams Companies have a broad portfolio of businesses located throughout the U.S. and Mexico. The W.W. Williams Companies include CT Power and Guaranteed Truck Service. W.W. Williams offers a full range of industry-leading products, while providing technical/mechanical service and repair, remanufacturing and warehouse/supply chain management solutions to a varied customer base. Our products and services include diesel engines, transmissions, heavy duty truck repair, transport refrigeration, power generation and third-party supply chain logistics services. Our customers include on-highway truck fleets, off-highway equipment users, data centers, hospitals, Department of Defense OEMs, vehicle OEMs, U.S. Military and boat owners, to name a few. What began as a small family-owned business has evolved into one of the nation's most diversified solutions providers. We are relentlessly dedicated to helping our customers achieve maximum uptime. From single trucking to cranes to fleet management to power generators to military and commercial packaging - consider it done. We are Genuine. Honest. Passionate. That's not a slogan, it's a mantra. Everyone who wears the W.W. Williams name - from service technicians to advisors to business executives - is committed to getting the job done right, the first time around. Our people are our greatest assets; we support our team with access to world class training and development opportunities. It's this level of investment and care that matters to customers, giving you peace of mind that your fleet is in the right hands. W.W. Williams is one of the nation's largest sales and service networks of industrial power products. With multiple locations across the US and Mexico, we are dedicated to providing highly professional service and strong relationships with our customers.
Join us for a career where you'll grow both personally and professionally in a welcoming, diverse, and inclusive environment. Competitive wages and benefits. AAP/EPE/M/F/Vets/Disabled, DFWP.
