Position Summary
The position of Cyber Security Analyst is established for the operations of the information security program. This position serves as a frontline defense against ransomware attacks, data breaches, and other types of malware. The position involves detecting, investigating, and preventing cyber threats. It has responsibility to maintain the health and functionality of the information security controls to protect the confidentiality, integrity, and availability of the SDCCU information assets. The candidate should demonstrate a sound understanding of information security principles, independent thinking and analytical skills, as well as technical knowledge and abilities. The candidate must show discretion and independent judgement to successfully perform job tasks. This position must also maintain quality service standards set by the organization and a willingness to partner with organizations outside the department.
Minimum Qualifications (Education, Experience, Skills)
- Bachelor’s Degree in Computer Science, Information Systems or equivalent work experience and security certifications
- Minimum 3 years relevant IT work experience, plus two years of field or coursework related to IT (preferably IT Security).
- Possess a high level of integrity
- Experience with Identity and Access Management (IAM) preferred
- SSCP, SCNP, CCSA, CEH, Security+, or CySA+ preferred
- MCSE, CCNP, Network+, or equivalent network certifications preferred
- Experience managing security technologies such as: firewall, Intrusion Detection Systems, anti-virus, web filtering, and multi-factor authentication
- Technical knowledge of encryption technologies, digital certificates, SSL/TLS, VPN, IPsec, TCP/IP, DNS, and web security architecture, network, server, and desktop concepts
- Excellent verbal, written, analytical, organizational, and human relations skills
- Ability to operate in a self-directed manner with strong analytical and technical problem-solving skills
- Ability to work well in a team environment in support of organizational goals
Essential Duties and Responsibilities
- Analyze security breaches and policy violations to determine the root cause
- Facilitate the incident response process to ensure the appropriate urgency and discretion is used and communication is facilitated within the incident response guidelines
- Analyze systems and data to recommend enhancements that meet or exceed information security policies
- Develop processes and procedures to support information security best practices
- Develop innovative and, when possible, automated approaches for completing information security-related tasks
- Ensure security standards are adhered to for areas such as authentication, authorization, encryption, and data access policies
- Provide support and expertise to IT teams for security-related issues
- Train team members in security awareness best practices and procedures
- Participate in IT and regulatory audits and assist with the remediation of findings
- Attend Access Control Committee and Security Steering Committee meetings
- Act as a liaison to Internal Audit, IS Risk and Compliance to monitor and manage outstanding audit and risk register items, ensuring resolution within established timeframes
- Work with application business owners to assist with implementing role-based access and proper separation of duties and least privilege
- Conduct research to keep abreast of latest security issues to anticipate incidents and reduce their likelihood
- Configure, maintain, and install security policies on tools such as: IDS/IPS, Firewalls, internet filtering, email systems, and Data Loss Prevention systems
- Perform digital certificate monitoring and validation of encryption systems
- Maintain documentation of IT security processes, procedures, configurations, and diagrams
- Work with outside vendors to resolve product errors or shortcomings and to coordinate security projects and implement services
- Monitor access to sensitive systems and information assets and perform Unified Application Reviews (UARs)
- Participate in Disaster Recovery planning and testing
- Participate in AML/BSA compliance training as assigned. Adhere to credit union AML/BSA policy and procedures including CTR rules and form preparation, identify and refer suspicious activity to the Compliance Department, perform OFAC comparisons, and properly identify individuals in accordance with Branch Operations procedures
Other Duties and Responsibilities
- Provide on-call support for after-hours security-related issues as needed
- Perform other duties as assigned
- Occasional travel
Physical Demands and Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to use hands to finger, handle, or feel objects, tools, or controls and talk or hear. The employee is frequently required to stand and reach with hands and arms. The employee is occasionally required to walk; sit; climb or balance; and stoop, kneel, crouch, or crawl.
The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.
The noise level in the work environment is usually moderate.