Patelco Credit Union
Information Security Engineer
Patelco Credit Union, Dublin, California, United States, 94568
About Patelco Credit Union
Patelco Credit Union is a not-for-profit credit union with a purpose to build financial health and wellbeing for our members. Since 1936, Patelco has grown from $500 in assets to over $9 billion in assets and is the 7th largest credit union in California with branches throughout Northern California.
We are here for our members throughout all their stages of life. Meeting them with the products and services to help them plan purposefully for their futures and to secure our life-long partnership as their trusted financial advocate. As one team, we are all committed to delivering service, empowering financial literacy, creating products, and providing new technology for our members.
We believe that work should be rewarding, challenging, and enjoyable. We're dedicated to creating a positive and supportive culture where our team members can thrive. If you're looking to use your skills and knowledge to make a difference in our members' lives, Patelco could be the perfect fit for you.
Overview
The Information Security Engineer will be responsible for providing engineering design, analysis, and support for information security platforms and devices, routers, firewalls, networks, and operating systems, identifying relevant threats, recommending corrective actions, developing solutions for security issues, and investigating security incidents and breaches. The Information Security Engineer will help plan and carry out the organization's information security strategy and program to include developing a set of security standards and best practices for the organization, developing policy, standards and procedure, recommending security enhancements to management as needed, and developing strategies to respond to and recover from a security breach.
Responsibilities
Conduct regular Vulnerability Assessments & Penetration Testing to identify & mitigate risks.Analyze vulnerability scan results, prioritize vulnerabilities based on risk, threat intelligence, and potential business impactReview and collaborate with developers to remediate Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) findingsCollaborate cross-functionally with teams including IT/Enterprise, Security/Compliance, Engineering/Production and Leadership, ensuring vulnerabilities are addressed expeditiously and effectively.Aggregate vulnerability assessment results from partner teams, utilizing a combination of automated tools and manual reviews to identify potential weaknesses in systems, networks, and applicationsPrioritize vulnerabilities based on severity, risk level, and potential impact on the Patelco's business, functional & technical operationsFacilitate remediation plans for identified vulnerabilities, collaborating with asset owning teams to ensure timely resolution.Monitor and track the progress of vulnerability remediation efforts, providing regular reports to management on the overall effectiveness of the programImplement vulnerability detection capabilities within the continuous integration and continuous delivery (CI/CD) pipeline and software development lifecycle (SDLC).Enhance the current Vulnerability Management Program for Patelco Credit UnionPerforms risk assessments to determine our stature against specific threats in order to recommend solutionsDevelop and recommend policies, standards and procedures that are in compliance with statutory and regulatory requirements that cover internal and external parties, physical security systems, internet and computer systemsBacking up the Information Security Officer as neededQualifications
Experience in Vulnerability Management or related field such as Penetration TestingStrong knowledge of common vulnerabilities and exploitation techniquesStrong knowledge of offensive security tactics techniques and proceduresProficiency with at least one scripting language (e.g.: Perl, Python, PowerShell)Knowledge of risk assessment tools, technologies, and methodsDemonstrated ability to map vulnerability exploitation vectors commonly identified in frameworks like OWASP Top 10 & STRIDE.Knowledge of CIS Benchmarks and best practices for the secure configuration of information systems and applications.Experience maintaining and running vulnerability scanning and other security testing tools (e.g., Tenable/Nessus, Qualys, Snyk, Burp, ZAP etc.)Technical experience working with industry-wide frameworks and standards like MITRE ATT&CKAbility to communicate network security issues to peers and managementAn understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the businessAn understanding of organizational mission, values, and goals and consistent application of this knowledgeExperience with regulatory compliance, including risk management frameworks (e.g., NIST CSF/RMF)Experience with Security Orchestration, Automation, and Response (SOAR) platforms.Strong understanding of PCI, GLBA, and IS/IT risk assessment, the Federal Financial Institution Examination Council (FFIEC) IT examination handbooks, and National Institute of Standard and Technology (NIST) 800-53 and Cybersecurity Framework.Minimum Qualifications
BS in Computer Science, Information Security, or a related field is highly desirable5+ years of experience in information security, especially in a security engineering role3+ years of past experience in a role on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) is highly desirableCertified Information Systems Security Professional (CISSP, OSCP, GPEN etc. ) or equivalent requiredTarget Base Pay
$115,763 - $141,603
Compensation at Patelco
Please note that the salary information is a general guideline only. Patelco Credit Union considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer. We offer a competitive total rewards package including a wide range of medical, dental, vision, financial, and other benefits.
We Offer
Physical Health:
Exceptional Medical, Dental, Vision, and Life Insurance benefitsOnsite fitness center at HQ and rewards for completing wellness related activitiesFinancial Health:
Competitive compensation packages with bonus opportunity401(k) with 3% Safe Harbor and 5% employer matchDiscounts on loan productsTuition reimbursementEmotional Health:
Employee Assistance Program (EAP)PTO for part-time and full-time positionsPaid holidaysPersonal Development:
On-the-job training and skills developmentInternal transfer opportunities for career growthVolunteer work
Flexible work arrangements available for specific positions
Patelco Credit Union is an Equal Opportunity Employer including individuals with disabilities and protected veterans
IND123
Patelco Credit Union is a not-for-profit credit union with a purpose to build financial health and wellbeing for our members. Since 1936, Patelco has grown from $500 in assets to over $9 billion in assets and is the 7th largest credit union in California with branches throughout Northern California.
We are here for our members throughout all their stages of life. Meeting them with the products and services to help them plan purposefully for their futures and to secure our life-long partnership as their trusted financial advocate. As one team, we are all committed to delivering service, empowering financial literacy, creating products, and providing new technology for our members.
We believe that work should be rewarding, challenging, and enjoyable. We're dedicated to creating a positive and supportive culture where our team members can thrive. If you're looking to use your skills and knowledge to make a difference in our members' lives, Patelco could be the perfect fit for you.
Overview
The Information Security Engineer will be responsible for providing engineering design, analysis, and support for information security platforms and devices, routers, firewalls, networks, and operating systems, identifying relevant threats, recommending corrective actions, developing solutions for security issues, and investigating security incidents and breaches. The Information Security Engineer will help plan and carry out the organization's information security strategy and program to include developing a set of security standards and best practices for the organization, developing policy, standards and procedure, recommending security enhancements to management as needed, and developing strategies to respond to and recover from a security breach.
Responsibilities
Conduct regular Vulnerability Assessments & Penetration Testing to identify & mitigate risks.Analyze vulnerability scan results, prioritize vulnerabilities based on risk, threat intelligence, and potential business impactReview and collaborate with developers to remediate Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) findingsCollaborate cross-functionally with teams including IT/Enterprise, Security/Compliance, Engineering/Production and Leadership, ensuring vulnerabilities are addressed expeditiously and effectively.Aggregate vulnerability assessment results from partner teams, utilizing a combination of automated tools and manual reviews to identify potential weaknesses in systems, networks, and applicationsPrioritize vulnerabilities based on severity, risk level, and potential impact on the Patelco's business, functional & technical operationsFacilitate remediation plans for identified vulnerabilities, collaborating with asset owning teams to ensure timely resolution.Monitor and track the progress of vulnerability remediation efforts, providing regular reports to management on the overall effectiveness of the programImplement vulnerability detection capabilities within the continuous integration and continuous delivery (CI/CD) pipeline and software development lifecycle (SDLC).Enhance the current Vulnerability Management Program for Patelco Credit UnionPerforms risk assessments to determine our stature against specific threats in order to recommend solutionsDevelop and recommend policies, standards and procedures that are in compliance with statutory and regulatory requirements that cover internal and external parties, physical security systems, internet and computer systemsBacking up the Information Security Officer as neededQualifications
Experience in Vulnerability Management or related field such as Penetration TestingStrong knowledge of common vulnerabilities and exploitation techniquesStrong knowledge of offensive security tactics techniques and proceduresProficiency with at least one scripting language (e.g.: Perl, Python, PowerShell)Knowledge of risk assessment tools, technologies, and methodsDemonstrated ability to map vulnerability exploitation vectors commonly identified in frameworks like OWASP Top 10 & STRIDE.Knowledge of CIS Benchmarks and best practices for the secure configuration of information systems and applications.Experience maintaining and running vulnerability scanning and other security testing tools (e.g., Tenable/Nessus, Qualys, Snyk, Burp, ZAP etc.)Technical experience working with industry-wide frameworks and standards like MITRE ATT&CKAbility to communicate network security issues to peers and managementAn understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the businessAn understanding of organizational mission, values, and goals and consistent application of this knowledgeExperience with regulatory compliance, including risk management frameworks (e.g., NIST CSF/RMF)Experience with Security Orchestration, Automation, and Response (SOAR) platforms.Strong understanding of PCI, GLBA, and IS/IT risk assessment, the Federal Financial Institution Examination Council (FFIEC) IT examination handbooks, and National Institute of Standard and Technology (NIST) 800-53 and Cybersecurity Framework.Minimum Qualifications
BS in Computer Science, Information Security, or a related field is highly desirable5+ years of experience in information security, especially in a security engineering role3+ years of past experience in a role on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) is highly desirableCertified Information Systems Security Professional (CISSP, OSCP, GPEN etc. ) or equivalent requiredTarget Base Pay
$115,763 - $141,603
Compensation at Patelco
Please note that the salary information is a general guideline only. Patelco Credit Union considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer. We offer a competitive total rewards package including a wide range of medical, dental, vision, financial, and other benefits.
We Offer
Physical Health:
Exceptional Medical, Dental, Vision, and Life Insurance benefitsOnsite fitness center at HQ and rewards for completing wellness related activitiesFinancial Health:
Competitive compensation packages with bonus opportunity401(k) with 3% Safe Harbor and 5% employer matchDiscounts on loan productsTuition reimbursementEmotional Health:
Employee Assistance Program (EAP)PTO for part-time and full-time positionsPaid holidaysPersonal Development:
On-the-job training and skills developmentInternal transfer opportunities for career growthVolunteer work
Flexible work arrangements available for specific positions
Patelco Credit Union is an Equal Opportunity Employer including individuals with disabilities and protected veterans
IND123