Lead, Cyber Security Engineer
Opportunity Summary: The Lead, Cyber Security Engineer is a senior individual-contributor and team-lead role responsible for owning the end-to-end cyber security program at WW Williams. Reporting to the CIO and based in the Dallas, Texas metro area, this hybrid role requires both strategic vision and deep technical execution. The successful candidate will establish measurable security baselines, drive the organization toward NIST Cybersecurity Framework (CSF) maturity, and act as the primary defender of WW Williams' digital assets across all business units.
Job Duties:
Security Program Leadership & Governance
- Own, evolve, and communicate the WW Williams Cyber Security roadmap aligned to NIST CSF (Identify, Protect, Detect, Respond, Recover) functions.
- Establish, document, and track security KPIs and KRIs to measure baseline performance, quantify risk reduction, and demonstrate continuous improvement to executive stakeholders.
- Develop and maintain security policies, standards, and procedures in alignment with regulatory requirements and industry frameworks (NIST 800-53, CIS Controls).
- Lead periodic cyber security maturity assessments; produce gap analyses with prioritized remediation roadmaps.
- Manage relationships with MSSPs, vendors, and third-party assessors; conduct vendor security reviews.
Threat Detection, Incident Response and Threat Intelligence
- Develop correlation rules and playbooks to minimize mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR).
- Lead incident response activities including containment, eradication, forensic investigation, and post-incident review (PIR).
- Maintain threat intelligence feeds; translate threat actor TTPs (MITRE ATT&CK) into actionable defensive controls.
- Conduct adversarial simulation exercises (purple team / tabletop) to validate detection and response capabilities.
Endpoint, Network & Cloud Security
- Administer and optimize advanced endpoint detection and response (EDR/XDR) platforms; enforce next-generation antivirus (NGAV) and behavioral anomaly detection policies.
- Manage Field Effect Covalence (MDR) or equivalent managed detection and response solution; triage and act on platform alerts in concert with the SOC.
- Oversee network security architecture including firewall rule-set management, IDS/IPS tuning, micro-segmentation, and zero-trust network access (ZTNA) initiatives.
- Govern cloud security posture (CSPM) across Azure/AWS/GCP environments; enforce least-privilege IAM, secrets management, and cloud-native security controls.
Security Awareness & Human-Layer Defense
- Administer the KnowBe4 Security Awareness Training & Simulated Phishing platform; design targeted campaigns, track click-rate metrics, and report on risk reduction over time.
- Drive a measurable reduction in human-layer risk through role-based training curricula, phishing simulations, and coaching for repeat offenders.
- Serve as the internal security advocate; communicate risk in business terms to non-technical audiences including C-suite and field operations.
Vulnerability Management & Secure Development
- Own the full vulnerability management lifecycle: scan, prioritize (CVSS + business context), remediate, and verify closure within SLA.
- Manage patch management cadences across servers, endpoints, OT/IoT-adjacent systems, and network devices.
- Champion secure-by-design principles; conduct security design reviews and code-level assessments for internally developed applications.
- Maintain a risk register and communicate residual risk posture to leadership on a regular cadence.
Identity, Access & Data Protection
- Govern privileged access management (PAM), MFA enforcement, and identity lifecycle processes in Active Directory / Azure AD / Entra ID.
- Implement and maintain data loss prevention (DLP) controls; classify and protect sensitive business data across storage, transit, and endpoint.
- Oversee email security stack (anti-phishing, DMARC/DKIM/SPF, secure email gateway) and web proxy / DNS filtering.
Work Experience and Required Qualifications:
- 8-10+ years of progressive, hands-on cyber security engineering experience in enterprise environments.
- Demonstrated experience building or maturing a security program against a recognized framework (NIST CSF, NIST 800-53, CIS Controls, or ISO 27001).
- Proven ability to define security baselines, measure current-state maturity, and track improvement over time using quantitative metrics.
- Hands-on experience with KnowBe4 (administration, campaign design, reporting) or equivalent security awareness platforms.
- Hands-on experience with Field Effect Covalence, CrowdStrike Falcon, SentinelOne, Microsoft Defender XDR, or comparable MDR/XDR solutions.
- Strong working knowledge of SIEM platforms (Microsoft Sentinel, Splunk, or equivalent); ability to write detection rules and build dashboards.
- Solid understanding of network security principles: firewalls, IDS/IPS, NAC, VPN, ZTNA, and network traffic analysis.
- Experience managing vulnerability scanners (Tenable Nessus / Security Center, Qualys, or Rapid7 InsightVM).
- Proficiency with cloud security in at least one major cloud provider (Azure preferred); understanding of shared-responsibility model and CSPM tools.
- Strong written and verbal communication skills; able to produce board-ready risk reports and technical runbooks alike.
Preferred Qualifications:
- CISSP, CISM, or GIAC certifications (GCIA, GCIH, GPEN)
- Experience with Microsoft Sentinel & Defender 365 ecosystem
- Scripting/automation skills (Python, PowerShell, KQL)
- Familiarity with OT/ICS security considerations
- Prior experience in distribution, logistics, or field-service industries
- Purple team / adversary emulation experience (MITRE ATT&CK)
- PAM tooling (CyberArk, BeyondTrust, or Delinea)
- SOC 2 Type II, CMMC, or PCI-DSS compliance exposure
Employee Rewards and Benefits:
- 8 Paid Holidays & 1 Paid Wellness Day
- Paid Time Off
- Employee Referral Bonus Program
- Medical, Dental & Vision Insurance
- 401k with a Company Match
- Company Paid Training
- Growth & Leadership Opportunities