Safety National
Security Engineer
Safety National, Sumter, South Carolina, United States, 29153
SUMMARY
The Security Engineer is responsible for executing the Credit Union's Information Security Program and adherence to related procedures that equal or exceed the information security standards prescribed by National Credit Union Administration ("NCUA") Rules and Regulations Part 748 and Part 749, and Federal Financial Institutions Examination Council ("FFIEC") guidance. The Security Engineer will participate in efforts to implement, promote, and maintain high-level security standards that support the organization. This individual will be responsible for configuring and maintaining the security infrastructure, analyzing, and resolving security vulnerabilities and responding to security incidents. In addition, the Security Engineer will serve as a subject matter expert on the Credit Union's Response Team and will serve as the backup to the Credit Union's Information Security Officer.
We are not able to sponsor visas at this time.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Duties and responsibilities include:
•Participate and contribute to activities necessary to maintain an effective and efficient Information Security Program, designed to mitigate risk and support the organization's business goals and objectives.•Develop, configure, maintain, and monitor a security infrastructure for both on-premises, vendor hosted applications, and public hosted environments (Azure, Amazon Web Services, and Google) while supporting the organization's disaster recovery and business resumption plans.•Develop, implement, maintain, and oversee the enforcement of Credit Union policies, and procedures for system security administration and user system access based on industry-standard best practices.•Participate and contribute to the development and management of Credit Union information security policies and procedures.•Deploy, manage, and maintain security systems on premises and in the cloud, and their corresponding or associated software, including intrusion detection systems, application whitelisting, and anti-virus software.•Monitor and review security alerts, examining network traffic for unusual or suspicious activities. Interpret activity and investigate any noted irregularities and make recommendations for resolution.•Administer the provisioning of end user accounts, permissions, and access rights, conducting user access reviews ensuring the principle of least privilege is followed throughout the organization.•Participate and provide guidance for security reviews related to vendor management onboarding processes, vendor management ongoing security reviews, and annual risk assessments.•Participate and execute security, vulnerability, and penetration assessments in partnership with regulators and external security firms, as well as performing necessary internal security evaluations and remediation activities.•Collaborate with stakeholders to assess and analyze business unit security operations ensuring governance compliance and making security recommendations that best support the organization's strategic objectives.•Recommend, schedule, and perform security improvements, upgrades, and assess the need for any security reconfigurations and execute them if required. Conduct research on emerging products, services, protocols, and standards in support of strategic security enhancement and development efforts.•Keep abreast of current information security technologies, industry developments; maintain certifications and attend professional courses and seminars as required to support the organization.•Participate as a member of the Incident Response and Disaster Recovery teams, participating as a key team member investigating and remediating information security incidents.•Performs other duties and responsibilities as assigned.
SUPERVISORY RESPONSIBILITIES
No requirement.
PERFORMANCE STANDARDS
Display excellent written and verbal communication skills when interacting with all personnel, members, auditors, and examiners. Maintain professional composure, objectivity and fairness when dealing with conflicts and sensitive matters. Display attention to detail, ability to multi-task and meet established deadlines. Exhibit sound judgment, critical thinking, and problem-solving skills. Maintain collaborative relationships with all departments. Demonstrate professional care and the highest standards of professional competency. Support a strong sense of teamwork and commitment to mentoring and serving others.
QUALIFICATION REQUIREMENTS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Regulatory Requirements: Your position has specific procedures that must be followed to comply with the Privacy Act, Office of Foreign Assets Control (OFAC), and Bank Secrecy/Patriot Act. You will receive annual training to keep you current on any changes to these policies/procedures to assure compliance. Failure to comply with procedures may cause termination of your position and possible monetary penalties from the federal regulatory agency.
EDUCATION AND/OR EXPERIENCE
A Bachelor's degree (BA or BS) from an accredited four-year college or university is preferred however equivalent combination of education, experience, certification, and training may be considered in lieu of degree requirements. The ideal candidate will have one (1) year to three (3) years of progressive work experience in information security and/or related field(s). Experience within the financial industry preferred but not required.
LANGUAGE SKILLS
Ability to read, analyze, interpret, and communicate regulatory information and technical procedures relating to credit union operations. Ability to write reports, business correspondence and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, directors, employees, and members as required.
MATHEMATICAL SKILLS
Ability to add, subtract, multiply, and divide in using whole numbers, common fractions, and decimals.
REASONING ABILITY
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of regulatory and technical instructions in several abstract and concrete variables.
CERTIFICATES, LICENSES, REGISTRATIONS
Professional certifications are a plus (CISA, CompTIA A+, Network+, Security +)
OTHER SKILLS and ABILITIES:
Strong understanding of security processes relating to firewalls, intrusion detection systems, data encryption, device hardening, access controls, and cloud application implementations are required.
Demonstrated abilities in the identification, analysis, and assessment of system logs, monitoring alerts, threat hunting, and the ability to work with a third-party security provider to investigate events.
Demonstrated knowledge of Microsoft Office365 suite, specifically Excel, Word, and PowerPoint. Ability to communicate verbally and in writing with others is essential. Requires the ability to work in a collaborative team environment.
PHYSICAL DEMANDS
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to talk or listen. The employee frequently is required to use hands to finger, handle, or feel objects, tools, or controls. The employee is occasionally required to stand, walk, reach with hands and arms, climb or balance and stoop, kneel, crouch or crawl.
Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust focus. Occasionally lift/and or move up to 35 pounds.
WORK ENVIRONMENT
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The noise level in the work environment is usually low to moderate.
MENTAL DEMANDS
The mental characteristics necessary to competently perform this job include the need to occasionally use basic and complex numeric calculations, persuasiveness, and creativity, to frequently use resourcefulness and problem solving and to continuously use analyzing skills.
The Security Engineer is responsible for executing the Credit Union's Information Security Program and adherence to related procedures that equal or exceed the information security standards prescribed by National Credit Union Administration ("NCUA") Rules and Regulations Part 748 and Part 749, and Federal Financial Institutions Examination Council ("FFIEC") guidance. The Security Engineer will participate in efforts to implement, promote, and maintain high-level security standards that support the organization. This individual will be responsible for configuring and maintaining the security infrastructure, analyzing, and resolving security vulnerabilities and responding to security incidents. In addition, the Security Engineer will serve as a subject matter expert on the Credit Union's Response Team and will serve as the backup to the Credit Union's Information Security Officer.
We are not able to sponsor visas at this time.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Duties and responsibilities include:
•Participate and contribute to activities necessary to maintain an effective and efficient Information Security Program, designed to mitigate risk and support the organization's business goals and objectives.•Develop, configure, maintain, and monitor a security infrastructure for both on-premises, vendor hosted applications, and public hosted environments (Azure, Amazon Web Services, and Google) while supporting the organization's disaster recovery and business resumption plans.•Develop, implement, maintain, and oversee the enforcement of Credit Union policies, and procedures for system security administration and user system access based on industry-standard best practices.•Participate and contribute to the development and management of Credit Union information security policies and procedures.•Deploy, manage, and maintain security systems on premises and in the cloud, and their corresponding or associated software, including intrusion detection systems, application whitelisting, and anti-virus software.•Monitor and review security alerts, examining network traffic for unusual or suspicious activities. Interpret activity and investigate any noted irregularities and make recommendations for resolution.•Administer the provisioning of end user accounts, permissions, and access rights, conducting user access reviews ensuring the principle of least privilege is followed throughout the organization.•Participate and provide guidance for security reviews related to vendor management onboarding processes, vendor management ongoing security reviews, and annual risk assessments.•Participate and execute security, vulnerability, and penetration assessments in partnership with regulators and external security firms, as well as performing necessary internal security evaluations and remediation activities.•Collaborate with stakeholders to assess and analyze business unit security operations ensuring governance compliance and making security recommendations that best support the organization's strategic objectives.•Recommend, schedule, and perform security improvements, upgrades, and assess the need for any security reconfigurations and execute them if required. Conduct research on emerging products, services, protocols, and standards in support of strategic security enhancement and development efforts.•Keep abreast of current information security technologies, industry developments; maintain certifications and attend professional courses and seminars as required to support the organization.•Participate as a member of the Incident Response and Disaster Recovery teams, participating as a key team member investigating and remediating information security incidents.•Performs other duties and responsibilities as assigned.
SUPERVISORY RESPONSIBILITIES
No requirement.
PERFORMANCE STANDARDS
Display excellent written and verbal communication skills when interacting with all personnel, members, auditors, and examiners. Maintain professional composure, objectivity and fairness when dealing with conflicts and sensitive matters. Display attention to detail, ability to multi-task and meet established deadlines. Exhibit sound judgment, critical thinking, and problem-solving skills. Maintain collaborative relationships with all departments. Demonstrate professional care and the highest standards of professional competency. Support a strong sense of teamwork and commitment to mentoring and serving others.
QUALIFICATION REQUIREMENTS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Regulatory Requirements: Your position has specific procedures that must be followed to comply with the Privacy Act, Office of Foreign Assets Control (OFAC), and Bank Secrecy/Patriot Act. You will receive annual training to keep you current on any changes to these policies/procedures to assure compliance. Failure to comply with procedures may cause termination of your position and possible monetary penalties from the federal regulatory agency.
EDUCATION AND/OR EXPERIENCE
A Bachelor's degree (BA or BS) from an accredited four-year college or university is preferred however equivalent combination of education, experience, certification, and training may be considered in lieu of degree requirements. The ideal candidate will have one (1) year to three (3) years of progressive work experience in information security and/or related field(s). Experience within the financial industry preferred but not required.
LANGUAGE SKILLS
Ability to read, analyze, interpret, and communicate regulatory information and technical procedures relating to credit union operations. Ability to write reports, business correspondence and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, directors, employees, and members as required.
MATHEMATICAL SKILLS
Ability to add, subtract, multiply, and divide in using whole numbers, common fractions, and decimals.
REASONING ABILITY
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of regulatory and technical instructions in several abstract and concrete variables.
CERTIFICATES, LICENSES, REGISTRATIONS
Professional certifications are a plus (CISA, CompTIA A+, Network+, Security +)
OTHER SKILLS and ABILITIES:
Strong understanding of security processes relating to firewalls, intrusion detection systems, data encryption, device hardening, access controls, and cloud application implementations are required.
Demonstrated abilities in the identification, analysis, and assessment of system logs, monitoring alerts, threat hunting, and the ability to work with a third-party security provider to investigate events.
Demonstrated knowledge of Microsoft Office365 suite, specifically Excel, Word, and PowerPoint. Ability to communicate verbally and in writing with others is essential. Requires the ability to work in a collaborative team environment.
PHYSICAL DEMANDS
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to talk or listen. The employee frequently is required to use hands to finger, handle, or feel objects, tools, or controls. The employee is occasionally required to stand, walk, reach with hands and arms, climb or balance and stoop, kneel, crouch or crawl.
Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust focus. Occasionally lift/and or move up to 35 pounds.
WORK ENVIRONMENT
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The noise level in the work environment is usually low to moderate.
MENTAL DEMANDS
The mental characteristics necessary to competently perform this job include the need to occasionally use basic and complex numeric calculations, persuasiveness, and creativity, to frequently use resourcefulness and problem solving and to continuously use analyzing skills.