Security Engineer

at  SAFE Federal Credit Union

SUMMARY

The Security Engineer is responsible for executing the Credit Union’s Information Security Program and adherence to related procedures that equal or exceed the information security standards prescribed by National Credit Union Administration (“NCUA”) Rules and Regulations Part 748 and Part 749, and Federal Financial Institutions Examination Council (“FFIEC”) guidance. The Security Engineer will participate in efforts to implement, promote, and maintain high-level security standards that support the organization. This individual will be responsible for configuring and maintaining the security infrastructure, analyzing, and resolving security vulnerabilities and responding to security incidents. In addition, the Security Engineer will serve as a subject matter expert on the Credit Union’s Response Team and will serve as the backup to the Credit Union’s Information Security Officer.

QUALIFICATION REQUIREMENTS

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Regulatory Requirements: Your position has specific procedures that must be followed to comply with the Privacy Act, Office of Foreign Assets Control (OFAC), and Bank Secrecy/Patriot Act. You will receive annual training to keep you current on any changes to these policies/procedures to assure compliance. Failure to comply with procedures may cause termination of your position and possible monetary penalties from the federal regulatory agency.

EDUCATION AND/OR EXPERIENCE

A Bachelor’s degree (BA or BS) from an accredited four-year college or university is preferred however equivalent combination of education, experience, certification, and training may be considered in lieu of degree requirements. The ideal candidate will have one (1) year to three (3) years of progressive work experience in information security and/or related field(s). Experience within the financial industry preferred but not required.

LANGUAGE SKILLS

Ability to read, analyze, interpret, and communicate regulatory information and technical procedures relating to credit union operations. Ability to write reports, business correspondence and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, directors, employees, and members as required.

MATHEMATICAL SKILLS

Ability to add, subtract, multiply, and divide in using whole numbers, common fractions, and decimals.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Duties and responsibilities include:

• Participate and contribute to activities necessary to maintain an effective and efficient Information Security Program, designed to mitigate risk and support the organization’s business goals and objectives.
• Develop, configure, maintain, and monitor a security infrastructure for both on-premises, vendor hosted applications, and public hosted environments (Azure, Amazon Web Services, and Google) while supporting the organization’s disaster recovery and business resumption plans.
• Develop, implement, maintain, and oversee the enforcement of Credit Union policies, and procedures for system security administration and user system access based on industry-standard best practices.
• Participate and contribute to the development and management of Credit Union information security policies and procedures.
• Deploy, manage, and maintain security systems on premises and in the cloud, and their corresponding or associated software, including intrusion detection systems, application whitelisting, and anti-virus software.
• Monitor and review security alerts, examining network traffic for unusual or suspicious activities. Interpret activity and investigate any noted irregularities and make recommendations for resolution.
• Administer the provisioning of end user accounts, permissions, and access rights, conducting user access reviews ensuring the principle of least privilege is followed throughout the organization.
• Participate and provide guidance for security reviews related to vendor management onboarding processes, vendor management ongoing security reviews, and annual risk assessments.
• Participate and execute security, vulnerability, and penetration assessments in partnership with regulators and external security firms, as well as performing necessary internal security evaluations and remediation activities.
• Collaborate with stakeholders to assess and analyze business unit security operations ensuring governance compliance and making security recommendations that best support the organization’s strategic objectives.
• Recommend, schedule, and perform security improvements, upgrades, and assess the need for any security reconfigurations and execute them if required. Conduct research on emerging products, services, protocols, and standards in support of strategic security enhancement and development efforts.
• Keep abreast of current information security technologies, industry developments; maintain certifications and attend professional courses and seminars as required to support the organization.
• Participate as a member of the Incident Response and Disaster Recovery teams, participating as a key team member investigating and remediating information security incidents.
• Performs other duties and responsibilities as assigned.