US LBM is one of the leading and fastest growing distributors of specialty building materials in the United States, with a team of over 15,000 employees located throughout the country. Since our founding in 2009, we have acquired over 70 companies and have expanded to more than 500 locations serving 37 states. US LBM is a progressive organization that promotes a unique culture that focuses on the value of its customers and associates. Developing our people is critical to our strategy and fostering our culture of empowerment.
The US LBM Cybersecurity Engineer will be responsible for securing enterprise endpoints, privileged access, email, and collaboration platforms, with a primary focus on Microsoft 365 (O365) and supporting other collaboration environments, including those in GCP. This role requires a deep technical understanding of Microsoft Defender for Endpoint (MDE), Privileged Access Management (PAM) solutions, and email security platforms. The engineer will ensure that endpoint protection, attack surface reduction, and antivirus configurations are deployed, monitored, and tuned for maximum security effectiveness. In addition, the role will involve automation and detection engineering using Microsoft Sentinel to create analytic rules, detection logic, and automation workflows related to endpoint and PAM.
What you will do
Serve as the subject matter expert (SME) and authority for Microsoft Defender for Endpoint (MDE), ensuring optimal configuration, deployment, and ongoing health.
Oversee policy management and configuration enforcement through Defender XDR, Microsoft Intune, and Active Directory Group Policy Objects (GPO), ensuring consistent security baselines across all endpoints.
Collaborate closely with the Endpoint and Collaboration teams to secure O365 and other collaboration platforms (primarily O365, but also GCP-based collaboration tools) against evolving threats.
Drive continuous improvements in Privileged Access Management (PAM) by advancing the configuration and operational maturity of BeyondTrust PRA/Insight.
Implement and maintain security configurations for Microsoft Defender for Office 365 and Abnormal AI to protect email and collaboration channels from phishing, BEC, and malicious content.
Leverage KQL to develop custom detection queries, analytics rules, and automation workflows in Microsoft Sentinel for endpoint and PAM-related security events.
Develop, implement, and maintain IAM systems and solutions
Troubleshoot, identify, and resolve technical IAM-related issues
Ensure that solutions protect information resources against unauthorized use, inappropriate degrees of access, disclosure, damage and/or loss
Identify, analyze, and resolve system design weaknesses
Develop a complete understanding of US LBM’s technology and information systems
Build, implement and support enterprise-class security systems
Align organizational security strategy and infrastructure with overall business and technology strategy
Identify and communicate current and emerging security threats
Implement and maintain security infrastructure elements to mitigate threats as they emerge
Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
Create solutions that balance business requirements with information and cybersecurity requirements
Validate IT infrastructure and other reference architectures against security best practices and recommend changes to enhance security and reduce risks, where applicable
Conduct or facilitate threat modeling of services and applications that ties to the risk and data associated with the service or application
Test security systems to ensure they behave as expected
Use current programming languages and technologies to write code, complete programming, and perform testing and debugging of applications
Define, implement and maintain corporate security policies and procedures
Respond immediately to security-related incidents and provide thorough remedial solutions and analysis
Regularly communicate vital information, security needs and priorities to upper management
Required For All Jobs
Perform other duties as assigned.
Comply with all policies and standards.
Adhere to the Company’s commitment to workplace safety.
Education Qualifications
Bachelor’s degree in Information Systems or equivalent experience required.
Experience Qualifications
3-4 years of IT security experience required.
5-7 years of IT systems engineering experience, with broad understanding of Windows Domain environment, networking, and some Cloud experience, particularly Microsoft Azure.
Endpoint Security: Microsoft Defender for Endpoint, Attack Surface Reduction (ASR), Defender XDR, Microsoft Intune, Active Directory Group Policy Objects (GPO).
Privileged Access Management: BeyondTrust PRA/Insight (PAM), CyberArk.
Collaboration Security: Microsoft Defender for Office 365, Abnormal AI, Microsoft 365 Security & Compliance Center, Google Workspace security controls, GCP security tools.
SIEM/SOAR: Microsoft Sentinel, KQL, Logic Apps, automation playbooks.
Skills and Abilities
Demonstrated ability leading security-based projects.
Must have technical competency in IT/Systems, combined with business acumen to understand and translate between business and technical requirements.
Experience and strong understanding of security frameworks and concepts such as Zero Trust model, NIST Cybersecurity Framework, and Microsoft Cloud Security Benchmark.
Able to support multiple efforts in parallel in a highly matrixed, fast-paced, multi-site organization experiencing rapid growth.
Proficient in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Strong interpersonal skills required, with a positive approach to collaboration and relationship building.
Must have excellent written and verbal communication skills.
Strong analytical and organizational skills, with demonstrated problem-solving and conflict-resolution skills.
Must be a self-starter with an attitude to “get things done” and an excellent understanding of information security concepts, protocols, industry best practices and strategies.
Travel required to various operating locations along with business-related meetings & conferences.
Licenses and Certifications
Industry certifications related to Security, Systems and Network Engineering, such as Network+, Security+, CCNA, Microsoft Certified Azure Security Engineer Associate (AZ-500).
US LBM Holdings, LLC, is an equal-opportunity employer. We do not discriminate on the basis of race, color, religion, creed, national origin or ancestry, sex, age, physical or mental disability, veteran or military status, genetic information, sexual orientation, gender identity, marital status, military status, order of protection status, or any other legally recognized protected basis under federal, state, or local law.