Information Security Analyst

About The Position

Requirements

• Bachelor’s or Master’s degree in related field (Computer Science, Information Systems, and Information Security) or equivalent experience preferred. Job experience commensurate to educational equivalent will be considered.
• Minimum of four years of experience in Information Security required.
• Relevant security certifications such as GCIH, CISSP, OSCP, etc.
• Prior experience with SIEM tools such as LogRhythm, QRadar, or Splunk.
• Prior experience with Network Access Control (NAC) solutions such as ClearPass or CounterAct.
• Prior experience with Firewall technologies such as Cisco, Juniper, and Palo Alto devices.
• Knowledgeable about access management and identity management.
• Motivated to continue to learn technology and not adverse to self-learning new technologies as the situation dictates.
• Completion of or active pursuit of certification in Information Security.
• Must be available for a flexible work schedule including weekends, nights and holidays.

Responsibilities

• Support the Security Information Event Management (SIEM) system to make sure it is performing optimally and support the ingestion of new data sources and reviews existing data sources.
• Evaluate vulnerabilities in our environment and ensures that they are both timely and appropriately remediating by providing feedback to action plans and proactively identifying potential technology risks.
• Support our end user web filtering systems to make sure that employee access is appropriately monitored and restricted.
• Conduct regular risk assessments for technology systems and processes to make sure systems are inline with the credit union’s risk appetite and business continuity policies.
• Support and usability of these systems.
• Responsible for the monitoring and alters of key Information Security alerts and notifications and ensures they are followed up on in a risk based fashion.
• Implement Network Access Controls (NAC)  according to  security policy and monitor the performance and effectiveness of the system.
• Maintain the Next-Generation Anti-Virus software to ensure operational effectiveness of the tool.  Assists in investigations and remediation’s where appropriate.
• Implement and support the tuning of Information Security systems to better protect Information Security Systems and documents findings and recommendations in memo format.
• Work with Information Technology staff to review project design for security effectiveness of new project efforts.
• Review Firewall and Intrusion Detection Systems and help implement changes to ensure our standards are being met.
• Manage the technical effectiveness of our Single-Sign On solution and other privileged management tool including the support of new integrations.
• Help test and develop hardening standards based upon relevant industry standard templates across all devices with access to credit union data.
• Review log sources to make sure they contain enough information to detect suspicious activity or access and assists in investigating suspicious activities.
• Implement and design solutions to effectively monitor and manage Change Control policy and standards.
• Work with project teams to communicate and provide Information Security design considerations associated with Information Technology and business projects.
• Review business continuity processes and  and works with teams to test existing procedures and to help document any shortcomings of both documentation and design.
• Demonstrate support for the corporate mission, vision and values.
• Maintain a positive working relationship with department personnel, including management, supervisory and all other employees.  
• Meet the current standards as established for the department in the completion of all assigned duties.
• Responsible for abiding and complying with the policy for compliance with the Bank Secrecy Act and anti-money laundering laws and regulations (BSA/AML) and the policy for compliance with office of foreign assets control laws and regulations (OFAC).
• Responsible for department’s participation in every aspect of the Record Retention program. This includes the creation, identification, use, storage, and destruction in accordance with the policy.
• Perform other duties as assigned.