Offer summary

Qualifications:

Bachelor’s degree in Information Systems or equivalent experience required., 3-4 years of IT security experience and 5-7 years of IT systems engineering experience., Strong understanding of security frameworks such as NIST Cybersecurity Framework and Zero Trust model., Industry certifications related to Security, Systems and Network Engineering, such as Security + and Microsoft Certified Azure Security Engineer Associate..

Key responsibilities:

Implement, monitor, and maintain security measures to protect the organization from cyber threats.

Perform threat intelligence collection and analysis to support proactive threat detection.

Collaborate with IT and development teams to integrate security best practices into system designs.

Assist in identifying and prioritizing vulnerabilities across networks, systems, and applications.

Job description

US LBM is one of the leading and fastest growing distributors of specialty building materials in the United States, with a team of over 15,000 employees located throughout the country. Since our founding in 2009, we have acquired over 70 companies and have expanded to more than 500 locations serving 37 states. US LBM is a progressive organization that promotes a unique culture that focuses on the value of its customers and associates. Developing our people is critical to our strategy and fostering our culture of empowerment.

A Brief Overview

The US LBM Engineer - Cybersecurity Solutions plays an essential role in implementing, monitoring, and maintaining security measures to protect our organization from evolving cyber threats. Expertise in a variety of IT domains will contribute to the development and execution of US LBM's cybersecurity strategy, working in close collaboration and following the strategic direction set by the cybersecurity architect and the vice-president for information security and compliance. This position will promote security requirements and objectives while ensuring that security frameworks and practices do not obstruct US LBM's operational demands. The Cybersecurity Engineer will also serve as a technical consultant when engaging with different line-of-business (LOB) units within the organization.

Key Responsibilities

Perform threat intelligence collection, enrichment, and technical analysis to identify malicious activities and support proactive threat detection.
Maintain adversary profiles and map threat actor behaviors using frameworks such as MITRE ATT&CK, Cyber Kill Chain, and the Diamond Model.
Research, draft, and present intelligence reports and briefings tailored to both technical teams and leadership audiences.
Monitor, analyze, and respond to security incidents using threat detection tools and SIEM technologies.
Support incident response efforts by providing threat context, detection recommendations, and post-incident analysis.
Assist in identifying, assessing, and prioritizing vulnerabilities across US LBM’s networks, systems, and applications as part of exposure management efforts.
Contribute to attack surface reduction initiatives by recommending strategies to minimize potential attack vectors.
Participate in regular security assessments, vulnerability scans, and penetration testing activities to identify and mitigate risks.
Collaborate with IT and development teams to integrate security best practices into system designs and deployments.
Help develop, update, and maintain security policies, standards, procedures, and technical documentation.
Stay informed on evolving cyber threats, vulnerabilities, and security technologies, sharing relevant insights with the broader security team.
Support the design and implementation of security solutions and architectures under the guidance of the Cybersecurity Architect

Required And Preferred Knowledge, Skills, And Abilities

Demonstrated ability leading security-based project with a mindset towards proactive solutions, automation, cloud-based, and emerging technologies.
Must have technical competency in IT/Systems, combined with business acumen to understand and translate between business and technical requirements.
Experience and strong understanding of security frameworks and concepts such as Zero Trust model, NIST Cybersecurity Framework, and Microsoft Cloud Security Benchmark.
Able to support multiple efforts in parallel, in a highly matrix, fast-paced, multi-site organization experiencing rapid growth
Proficient in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Strong interpersonal skills required, with a positive approach to collaboration and relationship building.
Must have excellent written and verbal communication skills.
Strong analytical, organizational and demonstrated problem solving and conflict resolution skills.
Must be a self-starter with an attitude to "get things done” and an excellent understanding of information security concepts, protocols, industry best practices and strategies.
Travel required to various operating locations along with business-related meetings & conferences.
Physical demands include sitting for extended periods of time, standing and walking, bending or stooping, lifting up to 25 pounds frequently and up to 50 pounds on occasion. Lifting equipment such as PC CPU's and monitors and transporting to various locations.

Systems Experience

Working experience on Microsoft Cloud Security Solutions (365 Defender, Sentinel, Defender for Cloud, Azure Policy, Defender for Endpoint, Defender for Cloud Apps, Defender for Identity, Intune, Conditional Access, Microsoft Purview)
Microsoft Entra ID (Azure Active Directory), and solid understanding of Identity security.
Microsoft Azure Resource configuration such as Virtual Machines, Logic Apps, Automation Accounts, Storage Accounts
Kusto Query Language (KQL) scripting, Powershell Scripting, and other scripting language
Window Active Directory and Windows Server Administration (Group Policy, ADUC)
Experience with Linux OS is a plus
Experience with User Lifecycle Management is a plus
Experience with Microsoft 365 is a plus

Qualifications

Minimum Education required - Bachelor’s degree in Information Systems or equivalent experience required.
Minimum Experience required 3-4 years of IT security experience
Minimum 5-7 years IT systems engineering experience, with broad understanding of Windows Domain environment, networking, and some Cloud experience, particularly Microsoft Azure
Industry certifications related to Security, Systems and Network Engineering, such as Network +, Security +, CCNA, Microsoft Certified Azure Security Engineer Associate (AZ-500)

US LBM Holdings, LLC, is an equal-opportunity employer. We do not discriminate on the basis of race, color, religion, creed, national origin or ancestry, sex, age, physical or mental disability, veteran or military status, genetic information, sexual orientation, gender identity, marital status, military status, order of protection status, or any other legally recognized protected basis under federal, state, or local law.

Required profile