Cyber Security Administrator

Monro’s family of brands is one of the leading automotive service and tire dealers in the United States. We work on approximately five million vehicles a year, but with us, it is personal. Every guest is important, and every teammate is valued. That is our people-first approach.

Headquartered in our hometown of Rochester, New York, where our founder, Chuck August, opened his first store in 1957, we have grown to nearly 1,300 auto repair shops and tire dealers in 32 states from coast to coast. Monro powers 16 highly respected tire and auto service brands, supporting each company’s regional strength and community connections. From big cities to small towns to rural crossroads, you will find us in neighborhoods of every shape, size, and color.

Under the Monro banner, we are united TEAM, and share the same mission to bring our guests the highest quality tire and auto service in the industry.

Do you have what it takes to shape a better future for yourself and the automotive service industry? Our vision is to be America’s leading auto and tire centers, trusted by consumers as the best place in our neighborhoods for quality automotive maintenance and repairs. We’re looking for motivated individuals at every stage in their career who share our vision. Positions are available in our retail locations across our many brands, in field management, and in store operations at our Store Support Center in Rochester, New York. If you like helping others, if you enjoy being part of a team, solving problems, and building guest relationships, if you value honesty and integrity - we have a Destination for you at Monro.

This position will be responsible for supporting the introduction of modern technology and processes to improve security and countermeasures on enterprise endpoints. Specific deliverables will support implementation of endpoint intrusion prevention using Microsoft endpoint management and protection suites, antivirus, and endpoint vulnerability management administration, including but not limited to corrective actions. Candidates will need to understand patching methodologies, CVSS v3 ratings and scoring, risk ranking and cataloging and endpoint threat mitigation tactics and techniques.

Compensation: The salary range for this role is $105,000 - $115,000 annually. This role is eligible for additional compensation and incentives. Pay will be determined based on experience level.

Essential Functions:

• Monitor security systems and provide early response to potential threats.
• Analyze technologies and establish highly effective processes and protocols to ensure comprehensive protection exists to prevent unauthorized entry into company networks and systems.
• Support automation and orchestration to maximize team talent and reduce routine tasks.
• Drive creation of countermeasures to protect company personnel and information assets.
• Take ownership of a comprehensive logging and monitoring methodology for the enterprise.
• Document, prioritize, and formally report incidents, root cause analyses, and after-action reviews.
• Manage Security Administrators responsible for firewalls, network and host intrusion prevention/detection systems, virtual private networks, threat intelligence platforms, endpoint protection, email security, forensic tools, public/private/hybrid cloud infrastructure, identity and access management systems, and physical security systems.
• Work closely with system owners to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.
• Provide support to business groups launching modern applications and services to verify that new offerings are effectively logging and reporting activity.
• Communicate incident activity in a manner understood by technical and non-technical business units, and gain support through influential messaging.
• Defines key performance indicators and metrics that align with business initiatives and delivers them to non-technical individuals in an effective, understandable manner.
• Periodically attend and participate in change management policy discussions and meetings.
• Understand breach and attack simulation solutions to validate and improve the effectiveness of preventative controls and incident response.
• Familiarity with cyber kill chain processes, using Mitre Attack framework to identify IoCs and drive next steps derived from that alignment.
• Work as a team to consistently learn and share advanced skills and foster team excellence.

Perform other duties as assigned.

Education and Experience:

• Higher education with a technical focus such as Information Security, Computer Science, or equivalent industry experience.

3+ years’ information security experience with at least 2+ years exposure to various security frameworks; CISSP, CRISC, CGEIT, GRCP, or PMP preferred

Knowledge & Skills:

• Preferably some experience with vulnerability management across cloud environments such as Microsoft Azure, Amazon Web Services, or Google Cloud Platform.
• Have Microsoft server administration background (AD, Security, Azure, O365, etc.)
  • Microsoft Certified: Security, Compliance, and Identity Fundamentals
  • Microsoft Certified: Security Operations Analyst Associate
  • Microsoft Certified: Azure Security Engineer Associate
• Experience with and understanding of various regulatory requirements, laws, and security frameworks, including but not limited to: NIST, PCI DSS, SOX, GDPR, CCPA, CIS, or SOC 2.
• Strong knowledge and experience in the areas below:
  • SharePoint Online, Teams
  • Have configured Office 365 services including Azure AD Connect, Teams, Intune, Azure AIP and DLP
  • Intune (Conditional Access \ MDM \ MAM)
  • Clients (Outlook, Outlook for Mac, IMAP, POP3, Mobile Devices)
  • Permissions (Tenant \ Security & Compliance Center \ Exchange Online)
• Detail oriented, organized, self-motivated, and self-sufficient.
• Strong business writing and verbal communication skills.
• Self-motivated, directed, and well-organized, with the vision to position controls in anticipation of threats

Work Environment & Physical Requirements:

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, scanners, and fax machines. Position requires incumbent to see, read, hear, speak, reach, bend, sit/stand for prolonged periods of time at a desk and working on a computer. Ability to work weekends and holidays as needed.

• Health Insurance
• 401K Retirement Plan with Company Match
• Paid vacation
• Paid Holidays

Your next Destination!

At Monro we’re committed to helping our teammates grow their career through the combination of coursework, demonstrating leadership skills and open opportunities. Our teammatesreceive on-the-job training, company sponsored certifications, as well as course curriculum in Monro University that empowers them to advance to the next level of their careers.

Monro, Inc. is an equal opportunity employer and affords equal opportunity to all applicants for all positions without regard torace, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.