Cyber Security Engineer

CYBER SECURITY ENGINEERREPORTS TO: IT DIRECTORSTATUS: EXEMPTSummaryBoot Barn is where community comes first. We thrive on togetherness, collaboration, and belonging. We build each other up, listen intently, and implement out-of-the-box ideas. We celebrate new innovations, congratulate one another’s achievements, and most importantly support each other.At Boot Barn, we work together to make a positive impact on the world around us, and by working collectively with encouragement, we consider ourselves “Partners.” With the values of the West guiding us, Boot Barn celebrates heritage, welcomes all, and values each unique Partner within our Boot Barn community.Our vision is to offer everyone a piece of the American spirit - one handshake at a time.The Cyber Security Engineer is responsible for designing, implementing, and continuously improving Boot Barn’s information security program. This role protects enterprise systems and cloud environments (Azure, Microsoft 365, and AWS) while helping mature the organization’s overall security posture.Essential Duties And ResponsibilitiesOperate and optimize security platforms including CrowdStrike, Microsoft SIEM, Nessus, and SquareX.Monitor, investigate, and respond to security alerts, incidents, and potential threats.Perform log analysis and SOC-style monitoring as needed.Lead vulnerability management activities including scanning, prioritization, remediation tracking, and reporting.Conduct quarterly phishing campaigns and report metrics and trends.Lead weekly security meetings and provide insight from prior-week security events.Conduct quarterly tabletop exercises in coordination with the IT Director.Implement cloud security hardening, monitoring, and best practices across Azure, Microsoft 365, and AWS.Design and maintain security controls for cloud identity, logging, networking, and data protection.Map NIST 800-53, PCI-DSS 4.0, and SOX controls to organizational policies and technical controls.Manage and maintain a centralized Controls Library to support audits and compliance efforts.Partner with IT and Infrastructure teams to remediate security findings.Develop and maintain security standards, procedures, and documentation.Provide security guidance and awareness to technical teams and business stakeholders.Help mature the overall security department and enterprise security program.Stay current with emerging threats and regulatory requirements.Demonstrates high level of quality work, attendance and appearance.Demonstrates high degree of professionalism in communication, attitude and teamwork with customers, peers and management.Adhere to all local, federal and state laws in addition to Company policies, procedures, and practices. Performs any other duties that may be assigned by management.