Info Sec Engineer II - Identity Access Management

OnPoint Credit Union•Portland, OR

About The Position

SUMMARY: Implements and monitors information security programs and controls. Ensures protection of technology and the business against unauthorized access, disclosure, modification and deletion of information. Completes a variety of audit, reporting, information program, policy, procedure, technology and incident mitigation tasks. ESSENTIAL DUTIES AND RESPONSIBILITIES: Establishes and applies risk management principles for consistent tracking and measurement in compliance with industry standards. Performs as a security engineering technical advisor for all technology initiatives to ensure program conformance. Ensures end-to-end system and data security through the use of perimeter threat event reporting, data loss prevention and anti-spam/anti-virus and phishing simulation solutions. Performs risk-analysis for threat events through simulations and communicates findings and training requirements to management and business (e.g. phishing simulations). Supports a near-zero risk enterprise using telemetry from security incident and event management and other solutions. Tests solutions effectively utilizing industry standard analysis methods. Delivers technical reports and other documentation concerning test results. Engineers security solutions efficiently with a minimal technology footprint where possible. Manages vendor solutions and partnerships with discretion to ensure business and data privacy. Audits and reports on identity and access management to ensure a zero-trust framework for production and development business application systems.Maintains awareness of evolving threats through membership with ISO, RSA, SANS, ISSA, etc. and information security solution vendor partners. Collaborates with other IT and business teams on security program initiatives and resolves security related issues.Monitors intrusion prevention system technologies and performs vulnerability scans. Escalates incidents when applicable and tracks completion of full event lifecycles. Supports efforts and processes focused on investigations and misuse of company data. Captures evidence that is admissible in a court of law for unauthorized activities. Uses approved AI tools responsibly to improve productivity and support job-related duties, while maintaining data privacy, security, and compliance with applicable policies. Harnesses approved AI capabilities to strengthen the organization’s security posture (e.g., improving threat detection, triage, and response), while ensuring data privacy, security, and compliance with applicable policies.

Requirements

Must have at least 3 years information security experience or 6 years information systems experience preferably in the financial services industry.
Must have or be able to obtain within six months of hire one of the following/equivalent certifications: Certified Ethical Hacker (CEH) Offensive Security Certified Professional (OSCP) CompTIA PenTest+ SC-200 Microsoft Security Operations Analyst
Bachelor’s degree in related field or equivalent experience is required.
Must have advanced computer skills and practical knowledge of computing systems and software including support desk solution(s).
Must also demonstrate conduct consistently with our Corporate Values

Responsibilities

Establishes and applies risk management principles for consistent tracking and measurement in compliance with industry standards.
Performs as a security engineering technical advisor for all technology initiatives to ensure program conformance.
Ensures end-to-end system and data security through the use of perimeter threat event reporting, data loss prevention and anti-spam/anti-virus and phishing simulation solutions.
Performs risk-analysis for threat events through simulations and communicates findings and training requirements to management and business (e.g. phishing simulations).
Supports a near-zero risk enterprise using telemetry from security incident and event management and other solutions.
Tests solutions effectively utilizing industry standard analysis methods.
Delivers technical reports and other documentation concerning test results.
Engineers security solutions efficiently with a minimal technology footprint where possible.
Manages vendor solutions and partnerships with discretion to ensure business and data privacy.
Audits and reports on identity and access management to ensure a zero-trust framework for production and development business application systems.
Maintains awareness of evolving threats through membership with ISO, RSA, SANS, ISSA, etc. and information security solution vendor partners.
Collaborates with other IT and business teams on security program initiatives and resolves security related issues.
Monitors intrusion prevention system technologies and performs vulnerability scans.
Escalates incidents when applicable and tracks completion of full event lifecycles.
Supports efforts and processes focused on investigations and misuse of company data.
Captures evidence that is admissible in a court of law for unauthorized activities.
Uses approved AI tools responsibly to improve productivity and support job-related duties, while maintaining data privacy, security, and compliance with applicable policies.
Harnesses approved AI capabilities to strengthen the organization’s security posture (e.g., improving threat detection, triage, and response), while ensuring data privacy, security, and compliance with applicable policies.