Exeter Finance

At Exeter Finance, we are committed to helping customers find the right financing for their next vehicle purchase. By building strong relationships with our customers and network of dealer partners we are able to give options that make sense, getting customers behind the wheel of their car. 

Every team member is integral to our success. Whether you’re at a servicing center helping customers with their loans, in the field building relationships with dealers, or supporting the company from its corporate offices, you'll enjoy a nurturing, invigorating and positive work environment.

Our vision is to be a premier finance company and lender of choice known for its People, Performance and Service.

Job Description

Job Summary

The Security Engineer II designs, implements, maintains, and operates Information security (Operations) controls and tools in support of Exeter’s cyber-security program. The Security Engineer II designs, implements, maintains, and operates controls according to sound cyber-risk management principles and aligns with relevant standards. The Security Engineer II has a strong security foundation and is able to execute projects with only moderate supervision.

Job Duties

• Operates and maintains Security tools to manage risk including, but not limited to:
• Configure and operate discovery tools and services to enumerate and map enterprise networks
• Configure and operate enterprise vulnerability assessment and configuration assessment tools (i.e. Tenable) and integrate their output into downstream systems
• Validate vulnerability findings for false positives and negatives, and document findings for future use
• Develop repeatable and automated means for identifying the responsible owner for each system affected by a vulnerability and points of contact for remediation
• Work with remediation owners to test effectiveness and ease of solution deployments
• Review exception requests received from product owners to enumerate risks associated with certain vulnerabilities
• Drive remediation of security risks including tracking of issues and action plans, and partner with patch coordination teams, technology/application owners, and business units to prioritize and enhance remediation efforts
• Group and prioritize remediation findings in a manner that increases efficiency
• Identify operational roadblocks to ensure timely remediation and countermeasures
• Support the development and acquisition of data to inform vulnerability management metrics
• Comprehensively document all aspects, technical and otherwise, of project implementations
• Designs, implements, maintains, and operates Exeter’s security controls including, but not limited to:
• Follows a standard methodology to identify and/or detect threats to the IT infrastructure, applications, and other information assets.
• Works with various teams to follow a pre-assessment plan/ and assessment schedule for every assessment, conduct threat assessment, and deliver an assessment report.
• Demonstrate sustainability of newly implemented tools and processes in areas including vulnerability management
• Strong understanding of regulatory requirements and compliance issues affecting companies related to privacy and data protection, such as NYDFS, PCI DSS, GLBA etc.
• Performs incident response operations and investigations including, but not limited to:
• Identify, contain, mitigate, recover, and report on cyber-security incidents affecting the enterprise and business
• Analyze and investigate adverse events and incidents using an enterprise security information and event monitoring (SIEM), logs from firewalls, IPS, servers, endpoints and other network devices to determine threats, attack vector, scope of activity, and appropriate response.
• Collaborate and coordinate with peers and business unit teams as needed to analyze and respond to adverse events and incidents.
• Research the latest threat intelligence, vulnerabilities, exploits, and other relevant threat information and trends on various attackers and attack infrastructure.
• Ensures compliance with Exeter’s policies & procedures, safety, state and federal laws, regulations, and standards.
• Other duties as assigned.

Education and Work Experience

• College Degree or equivalent experience in information security technology or required field, or equivalent work experience and/or Security certifications (ex CISSP, Security+, GIAC/SANS, etc)
• Three (3+) or more years direct related Security Operations experience required.
• Strong communication and teamwork skills
• Proven security experience Vulnerability Management, Risk Management
• Experience with one or more of these strongly preferred: OKTA, Tenable/Nessus, Varonis.
• Experience in at least two (2) of these areas: Splunk, Office365 security, Varonis, Palo Alto Networks, McAfee VirusScan, Mimecast, Okta, Duo Security, Vormetric, Microsoft Defender, Microsoft Defender APT, Tenable/Nessus, Kenna Security, Symantec (Vontu) DLP Network Discover/Protect, Vulnerability Management, Vendor Management, Risk Management, IT Audit, Security Administration.

Exeter Finance LLC is an Equal Opportunity Employer.

Individual compensation packages are based on various factors unique to each candidate including

skill set, experience, qualifications and other job-related reasons.

88,200.00 USD-$121,200.00