Information Security Engineer

It's fun to work in a company where people truly BELIEVE in what they're doing!

We're committed to bringing passion and customer focus to the business.

The Information Security Engineer is responsible for the research, implementation, and management of security measures for the protection of credit union computer systems, network, and Personal Data and Confidential Information against any cyber security threats. The Information Security Engineer, reporting to the Manager of Engineering and Architecture, will participate in security compliance efforts, provide security expert guidance, and identify and define security requirements to remediate security vulnerabilities or gaps discovered in the credit union systems and network environment. Engineer will collaborate with the Information Technology team to design a secured network architecture using multiple layers of security. The position will serve as a security subject matter expert and looked to for expert guidance as well as managing the Incident Response Program to collaboratively resolve security incidents impacting the credit union. Engineer will assist conducting security risk assessments and maintaining a stable security framework.

Position Responsibilities:

• Administer and monitor security controls under the Information Security Department to protect computer systems, networks and Personal Data and Confidential Information.
• Keep AVP of Information Security informed on the security posture of the credit union.
• Research, evaluate, design, test, recommend, and participate in the implementation of new security measures to remediate existing or new cyber threats.
• Investigate and remediate internal and external system and network security anomalies detected or discovered through penetration tests, vulnerability scans, or security risk assessments.
• Manage and lead security incident response efforts during all phases of remediation.
• Prepare and document departmental standard operating procedures.
• Enforce clean-desk policy by conducting security walkthroughs.
• Collaborate with the IT Department on innovative strategies and techniques for remediating security vulnerabilities cautiously and in a timely manner.
• Develop and implement security strategies with AVP of Information Security to proactively detect and prevent cyber-attacks using applicable regulatory standards and industry best security practices.
• Collaboratively with the IT Department maintain the Cybersecurity Assessment Tool to assess and identify the credit union’s cybersecurity risks.
• Assist in the enforcement of the Information Security Standards and Procedures.
• Conduct security risk assessments on information systems to determine if they have been designed to comply with established security standards. Develop new standards as necessary.
• Maintain a working knowledge with NCUA information security policies and regulations regarding due diligence, contingency planning, and information security, including the Cybersecurity Assessment Tool.
• Perform other duties as assigned.
• Maintain confidentiality regarding credit union policies and procedures, member financial data, personal information, and work-related events.
• Provide quality support and maintain a professional relationship with peers, management, other staff, and members through cooperation, mutual trust, and respect.

Required Knowledge and Skills:

• API management and security
• DevSecOps processes
• Knowledge of Cloud Security standards (AWS, Azure)
• Solid understanding of information security and security controls as they relate to ensuring confidentiality, integrity, and availability of credit union Personal Data and Confidential Information. 
• Ability to understand the broader implications of business and technology security strategy across the company, while concurrently visualizing the project-level impacts.
• Strong experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, data loss protection, and encryption systems.
• Experience with network security and forensics tools.
• Knowledge of risk assessment tools, technologies, and methods.
• Experience designing secure networks, systems, and applications.
• Detail oriented, possess strong verbal and written communication, interpersonal, problem solving, negotiation, and conflict management skills.
• Ability to communicate information security concepts clearly and effectively with technical and nontechnical staff in writing and verbally.
• Ability to prioritize workload in a dynamic work environment.
• Expertise and interest in emerging security principles, techniques, trends, and technologies with the ability to assist implementing and operationalize new and unfamiliar security technologies.

Education/Experience/Certifications:

Education: Bachelor’s degree in Information Assurance, Information Security, Cyber Security, Networking, or related discipline, or an equivalent combination of education, certification and work experience is preferred.

Experience: Minimum of 5 years work experience in a security role or network administrator responsible for network security controls is required.    

Certification(s): An advanced certification such as CISSP, GSLC or CCNP is required but an intermediate certification such as Security+, CEH, or GSEC will be considered.