• Systems Engineer, Information Security

    AutoZone, Inc. (Memphis, TN)


    Summary:

    To deliver desired, sustainable business outcomes and assure the integrity and continuity of our systems. This position is responsible for the development, maintenance, and support of AutoZone’s security hardware, software and/or security systems. This includes applying domain expertise, providing technical guidance and mentoring, supporting the customers, resolving problems, and training as required.

    Responsibilities:

    Participate in any and potentially all roles of the security systems development life cycle. Roles may vary by project and assignment. This may include, but not limited to:

     

    + Design and execute red team operations (simulated and real world activities), including network exploitation, social engineering, and physical security assessments.

    + Conduct security vulnerability assessments across various infrastructures (on-premises, hybrid, and cloud environments).

    + Collaborate with blue teams to facilitate purple team exercises and strengthen threat identification and mitigation strategies.

    + Compile comprehensive assessment reports and deliver practical improvement suggestions to both technical specialists and leadership teams.

    + Continuously monitor and research new security threats, attack methods, and system weaknesses to enhance testing approaches and methodologies.

    + Identify security concerns and mitigating controls; identify, document, and manage risks to AutoZone data, systems, and processes.

    + Responsible for technical design and administration of security controls, services, and architecture, e.g. infrastructure and / or network systems, application security tools and processes, identity and access management technologies, and /or incident response functions.

    + Accurate work planning and execution; accurate project and time tracking.

    + Applying security subject matter expertise.

    Requirements:

    Typically, four to seven years of experience in penetration testing, red teaming, or offensive security in a mid- to large-enterprise environment

     

    Solid knowledge of one of the following functional areas, with advanced Red Team knowledge

     

    Infrastructure and Network Security

     

    Strong understanding of TCP/IP networking fundamentals, ports, and protocols

     

    Experience exploiting vulnerabilities in Active Directory environments and security controls

     

    Ability to identify and exploit network infrastructure weaknesses

     

    Application Security

     

    Demonstrated experience with application-layer security assessments and penetration testing

     

    Proficiency in conducting code reviews to identify security flaws

     

    Ability to analyze published vulnerabilities (CVEs) and adapt exploitation techniques to specific operating environments

     

    Security Operations and Incident Response

     

    Formal incident response experience in large enterprise environments

     

    Experience with threat hunting methodologies and tools

     

    Forensic analysis capabilities and familiarity with incident handling procedures

     

    Understanding of security monitoring systems and evasion techniques

     

    Identity and Access Management

     

    Expertise in identifying misconfigurations in authentication and authorization controls

     

    Experience bypassing or exploiting IAM weaknesses

     

    Knowledge of privilege escalation techniques across various platforms

     

    Cyber Threat Intelligence and Social Engineering

     

    Proficiency in Open Source Intelligence (OSINT) gathering techniques

     

    Experience planning and executing phishing campaigns and social engineering attacks

     

    Ability to leverage threat intelligence to simulate realistic adversary behaviors

     

    Experience with cloud security testing (GCP preferred) and web application protocols (HTTP, DNS, FTP).

     

    + Strong communication skills to articulate complex technical issues to non-technical audiences.

    + Solid task estimation, planning and execution skills

    + Solid problem solving, domain technical and analytical skills

    + Solid system design and implementation skills

    + Required Bachelor’s degree in Computer Science or related field

    + Preferred: Certifications such as OSCP, OSCE, or CRTP

    + Preferred: The ability to create and update specialized software utilities that augment security testing operations (utilizing languages such as Python, PowerShell, or Go).

    + Preferred: Experience with exploit development or custom malware creation.

    + Preferred: Knowledge of advanced persistent threat (APT) emulation and purple team operations.

     

    Benefits at AutoZone

     

    AutoZone cares about people. That’s why AutoZone offers thoughtful benefits programs designed to improve AutoZoners’ physical, mental and financial wellbeing. Some of these benefits include:

     

    Competitive pay and time off

    Unrivaled company culture

    Medical, dental, vision, life, and short- and long-term disability insurance options

    401(k) with Company match and Stock Purchase Plan

    Mental and physical wellbeing programs

    Opportunities for career growth and tuition reimbursement

     

    Eligibility and waiting period requirements may apply. Learn more about all that AutoZone has to offer on careers.autozone.com.

     

    An ONLINE APPLICATION is REQUIRED. Click the Apply button to complete your application. For step-by-step instructions on how to apply visit careers.autozone.com/candidateresources