Sr. Manager, Security Architecture and Engineering

At Greenbrier, we do the hard work that matters. The Greenbrier Companies (NYSE:GBX) is powering the movement of products around the world as a leading designer, manufacturer and supplier of freight rail transportation equipment and services.

Greenbrier’s heritage of hard work and industrial innovation is celebrated at every level of our organization. We structure our business to support teams that deliver innovative solutions for our customers while positively impacting the world around us.

Greenbrier’s success begins with people. We believe in supporting our global workforce through our unwavering attention to Safety, Quality, Respect for People and Customer Satisfaction. Our IDEAL commitment is rooted in these values, which promotes Inclusion, Diversity, Equity, Access, and Leadership, creating a culture where employees are fulfilled and feel good about coming to work every day. A diverse, qualified, and engaged talent base is the key to our success.

Summary

The Senior Manager, Security Architecture and Engineering, is responsible for leading the design, implementation, and operation of enterprise security technologies to protect Greenbrier’s critical infrastructure and data. This role plays a key part in defining the organization’s security architecture roadmap, ensuring alignment with business objectives, and implementing solutions that reduce risk and enhance the overall security posture. The position also promotes a culture of security awareness and collaboration across departments.

Duties and Responsibilities

To perform this job successfully, an individual must be able to satisfactorily perform the following essential duties. Other duties may be assigned to address business needs and changing business practices.

• SaaS Security & Shared Responsibility: Lead initiatives related to SaaS product security, including guiding the effective application of the shared responsibility model with our vendors and internal teams.
• Operational Technology (OT) Security: Provide expert consultation on OT security requirements, recommending, designing, and delivering capabilities to protect these critical environments in coordination with operational and facility-management teams.
• Third-Party & Vendor Security: Participate in security assessments of existing and prospective vendors, especially those with which Greenbrier shares confidential, restricted, regulated, or other protected data.
• Metrics-Driven Security & Risk Culture: Configure tool dashboards to provide actionable metrics, enabling metric-informed decisions and prioritization. Drive a risk-informed culture across the organization through clear data and insights.
• Cross-Functional Collaboration & Consulting: Partner closely with IT, enterprise, domain architects, business stakeholders, and SOC teams to integrate security requirements into technology roadmaps, implemented solutions, and defined security standards. Provide clear written and verbal consulting to projects about security architecture and risk management.
• Threat Intelligence & Standards Adoption: Stay informed of industry trends and relevant threat activity to proactively adapt Greenbrier’s security capabilities, championing the implementation of industry-leading security standards and best practices across the enterprise.
• Vulnerability Management & Control Validation: Collaborate to have vulnerability assessments performed and other security reviews of systems, prioritizing remediation based on asset risk profiles. Support the testing and validation of internal security controls.
• Team Leadership & Development: Lead, mentor, and develop a high-performing, geographically distributed team of security professionals, fostering a diverse, inclusive, and empathetic team environment.

Qualifications

The following generally describes the requirements to perform the assigned duties successfully.

Minimum Qualifications

• Bachelor’s degree in Computer Science, Information Technology, or a related discipline, or an equivalent combination of education and work experience.
• 7+ years of progressive information security experience, with substantial direct experience leading distributed engineering teams across various security domains (e.g., application security, infrastructure security, identity and access management, vulnerability and cyber threat management, security architecture).
• At least 3 years of hands-on experience designing, architecting, and securing IaaS, PaaS, and SaaS cloud deployments across multiple cloud service providers (e.g., AWS, Azure).
• Demonstrated strong track record of successfully integrating modern architectures (SaaS, PaaS, IaaS, etc.) with traditional environments to achieve a robust and effective security posture.
• In-depth understanding of NIST Cybersecurity Framework, along with other relevant cloud cybersecurity standards, frameworks, and best practices (e.g., ISO 27001, CIS Controls).
• Experience driving security programs and leveraging security metrics to inform decision-making, risk prioritization, and foster a risk-informed culture.
• Exceptional communication and interpersonal skills, including the ability to communicate complex and technical issues to diverse audiences (orally and in writing), negotiate, facilitate, build consensus, and influence without direct control.
• Skilled in talent development, mentorship, and empathetic performance management.

Preferred Qualifications

• Relevant security certifications such as CISSP, CCSP, CCSK, or other cloud vendor-specific certifications.
• Application security knowledge, including expertise in OWASP Top 10, SAST/DAST, and secure coding practices.
• Knowledge of modern authentication and identity infrastructures and cross-platform interoperability.
• Experience with threat modeling methodologies at both application and enterprise levels.
• Experience in Cyber Incident Response.
• Familiarity with Project Management and Quality Management methodologies.
• Willingness to innovate and take calculated risks, enabling teams to explore new techniques for impactful change.

Work Environment and Physical Requirements

Work Environment

The work environment characteristics described here represent those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform basic functions.

• This is a remote office position.

Physical Activities and Requirements 

Frequency Key

Not Applicable: Activity does not apply to this occupation

Occasionally: Occupation requires this activity up to 33% of the time (0- 2.5+ hours/day)

Frequently: Occupation requires this activity from 33% - 66% of the time (2.5- 5.5+ hours/day)

Constantly: Occupation requires this activity more than 66% of the time (5.5+ hours/day)

Working Postures

• Sit: Frequently
• Stand: Occasionally
• Walk: Occasionally
• Bend: Not Applicable
• Kneel/Squat: Not Applicable
• Crawl: Not Applicable
• Climb: Not Applicable
• Reach Forward: Occasionally
• Reach Upward: Not Applicable
• Handling/Fingering: Frequently

Lift / Carry Requirements

• 5-10 lbs: Occasionally
• 10-25 lbs: Not Applicable
• 25-50 lbs: Not Applicable
• 50-75 lbs: Not Applicable
• 75+ lbs: Not Applicable

Push / Pull Requirements

• Up to 10 lbs: Occasionally
• 10-25 lbs: Not Applicable
• 25-50 lbs: Not Applicable
• 50-75 lbs: Not Applicable
• 75+ lbs: Not Applicable

EOE including Vet/Disability

Click here for more information: Know Your Rights

Greenbrier makes reasonable accommodations in the application and hiring process for individuals with known disabilities, unless providing accommodation would result in an undue hardship. Any applicant believing that he or she may need reasonable accommodation for any part of the application and hiring process should contact Greenbrier Human Resources at careers@gbrx.com or call us at 503-684-7000.
 
-----------------------------------------------------------------
 
Email communication from The Greenbrier Companies (Greenbrier) will always come from a corporate email address that ends in @gbrx.com or from our applicant tracking system, iCIMS, after you have created a secure account and submitted your application. During the application process, you will create a secure account in our secure applicant tracking site that ends with “-gbrx.icims.com”. In this portal, we will ask you to provide your contact information, past employment history, education history and other job-related information.