ESSENTIAL DUTIES AND RESPONSIBILITIES include the following:
- Review daily log reports generated from information security systems and escalate anomalous behavior.
- Process reported social engineering attempts to determine if a threat exists and communicate outcomes to involved parties.
- Monitor, investigate, remediate, and report security incidents as they arise. Work with other members of the Incident Response Team, as needed.
- Conduct social engineering exercises across the organization and assist with training remediation efforts.
- Administer the organization's vulnerability management program to identify and prioritize vulnerabilities. Work closely with the Information Technology team and product owners to remediate discovered vulnerabilities.
- Contribute to the organization's security policies, procedures, and processes.
- Implements the information security strategy and objectives, as approved by the Chief Information Officer, including strategies to monitor and address current and emerging risks.
- Contributes to, and where appropriate creates and maintains, the enterprise’s security documents (policies, standards, baselines, guidelines, and procedures) in collaboration with the Chief Information Officer.
- Participates on the Change Control Board ensuring systems changes are made with appropriate Confidentiality, Availability, Integrity and Cyber Security design and controls.
- Participates in industry collaborative efforts to monitor, share, and discuss emerging security threats. Maintains up-to-date knowledge of the security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Contributes to the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
- Champions security awareness and training programs.
- Participate in the NIST-based security incident response process, including event handling, process reviews, and tabletop exercises. Supervise all investigations into problematic activity, provide ongoing communication, and report significant security events to the board, supervisory committee, and management as appropriate.
- Responds to and complies with audit, regulatory, and credit union policies and procedures.
SUPERVISORY RESPONSIBILITIES:
No direct reports.
QUALIFICATION REQUIREMENTS:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
KEYS TO SUCCESS:
Knowledge Of:
- Experience in enterprise security document creation.
- Experience in enterprise security architecture design.
- Experience in NIST-based incident handling.
- Working technical knowledge of Firewalls, Intrusion Detection, Networking technologies (LAN/WAN), Data Leakage Prevention, Network Access Controls, Security Incident and Event Management, Email Security.
- Vulnerability Management Tools (Nessus, Nexpose, etc.)
- Command Line Utilities such as Nmap, netcat, etc.
- Experience with security in cloud environments (Azure preferred) required.
- Corporate wireless networks
- Cisco ASA series firewalls
- Fortinet FortiGate IPS devices
- Microsoft Windows Server, Active Directory, DNS and DHCP, etc.
- Microsoft Windows 10 and later
- Microsoft Office and Visio 2013 and later
Ability To:
- Create and maintain detailed technical documentation.
- Proven analytical and problem-solving abilities.
- Good written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues and products as required.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Team-oriented and skilled in working within a collaborative environment.
EDUCATION, EXPERIENCE, & TRAINING GUIDELINES:
Any equivalent combination of education and experience that provides the applicant with the knowledge, skills, and abilities required to perform the job is acceptable. A typical way to obtain the knowledge and abilities would be:
Education/Experience:
- Bachelor’s degree preferably in Information Systems or Computer Science
- 1-3 years of relevant Information Technology or Information Security experience.
License or Certification:
- Security certifications such as Security+, CySA+, SSCP, etc.
- Bondable
- Acceptable Credit History
Compensation & Benefits:
- Salary Range: $64,000 - $96,100
- Health, Dental & Vision Benefits
- Bonus opportunity
- 401(k) with match and profit sharing
- Flexible Time Off