Security Engineer

Volunteer Corporate Credit Union

Established in 1981, VolCorp is a not-for-profit financial cooperative based in Nashville, TN serving over 330 natural person credit unions nationwide. VolCorp's mission is to serve as the primary financial partner for credit unions by providing superior products, services, and support. For more information about VolCorp, please visit www.volcorp.org.

We are currently recruiting for a Security Engineer.

Hybrid & Remote Work Environments:

Option available based on position and the location of incumbent.

• Generous time off- VolCorp offers a generous allotment of pro-rated vacation, discretionary and sick time to any part time employee who will work an average of 24 or more hours in a week. In addition, we follow the Federal Reserve guidelines with 11 holidays per year.
• Culture- We pride ourselves on striving to maintain and achieve a culture that lives and breathes our operating principles daily. Those principles include Accountability, Vision, Trustworthiness, and Unity while remaining Results Focused. Our culture is reflected in our average length of service which is currently running at 14 years. We strive to do it right!
• Benefits- Medical, Dental, Life, Disability, Vision, Health Reimbursement Accounts, Health Savings Account, Flexible Spending Accounts are all part of the Benefit Package for any part time employee who averages 24 or more hours per week.
• Retirement Plans- Once you enter our retirement plans the company will make a 3% contribution to your 401K plan and a 7% contribution to a Retirement Savings Fund Plan which is a combined total contribution of 10%. The contribution takes place even if you choose to not personally contribute. Should you choose to contribute you have contribution platforms such as Roth or tax deferred investment options. This option is available for any employee who completes 1,000 + hours in a 12 month period.
• Community Giving- VolCorp is paired with a local charitable organization where we "give back" to the community. Paid time off provided to work with the organization and fundraisers held yearly for their benefit.
• Sign on bonus- $1,000 sign on bonus after completion of 60 days

POSITION SUMMARY:

Responsible for the day-to-day operation of VolCorp's Information Security program, including assisting in designing, planning, implementing, and supporting security solutions across the enterprise, including networks, servers, communications, workstations, and cloud environments. This position plays a key role in maintaining the corporate's overall security posture and defending against security threats.

The Security Engineer will work closely with the Information Technology, Software Development, Risk Management, Security, Compliance, and Internal Audit teams to ensure secure architecture design, monitoring and response, and vulnerability management meet the desired risk appetite set by the organization.

PRIMARY RESPONSIBILITIES:

• Assist with internal security consultation for planning, implementing, and hardening of endpoints within the network. Partner Security and IT teams with deploying, configuring, and maintaining network security tools and technologies – Firewalls, Web Application Firewalls (WAFs), IDS/IPS, Endpoint Detection and Response (EDR), SIEM/SOAR platforms, and virtual Security Operations Center (vSOC).
• Monitor network infrastructure/systems for security threats, establish procedures for identifying and isolating threats, reducing threats/attack surface.
• Assist with any security breach investigations, document the security incidents, assessing damage, root cause analysis, support for necessary breach notifications, and establishing chain of custody for forensics.
• Assist with the performance of penetration testing, documentation of alerts during the test, and work with Security, IT Operations and Software Development to resolve gaps in security posture.
• Assist with the design, planning, and implementation of security systems, network, applications, and cloud infrastructure to meet the information security program and board appetite.
• Assist with defining security baselines, follow industry leading practices, compliance with regulatory and internal policy frameworks, such as NIST CSF.
• Responsible for performing vulnerability scans, validation of vulnerabilities, and collaborating with IT Operations and Software Development on remediation efforts.
• Assist IT Operations and Software Development regarding patch management programs by identifying gaps, providing guidance on mitigations, meeting established metrics for reporting, baseline hardening, and continuous development of security posture.
• Perform threat hunting/modeling within our environment, documenting associated risk within the risk assessment, prioritize vulnerabilities and remediations based on impact to the corporate, exploitability and risk appetite.

RELATED DUTIES:

• Maintain contact with software vendors to research security products and discuss new applications.
• Develop external contacts to form sound relationships with other (companies or individuals) in the information security field.
• Maintains working knowledge of external threats as well as new emerging threats targeting the financial services industry.
• Research and recommend security tools and technologies for annual budget to improve the corporates information security posture.
• Acting as a liaison between end users, management, IT and Software Development staff on matters relating to information security and cybersecurity.
• Collaborate with IT and Software Development teams to ensure secure deployment, configuration, and operation of applications and security tools across the environment. Assist in post deployment support and troubleshooting efforts.
• Perform other related duties as required.
• Adhere to company and governmental policies and regulations including those related to Equal Employment Opportunity and Affirmative Action Plan compliance.

EDUCATION AND EXPERIENCE:

Bachelor's Degree in area of specialty or equivalent years of directly related experience.

2 or more years of hands-on experience in information security, with exposure to security tools, practices, and frameworks.

SKILLS, KNOWLEDGE, and ABILITIES:

• Wide knowledge of computer security architectures and networking protocols
• Knowledge of administration of firewall, WAF, Intrusion Detection System, and VPNs technologies (Palo Alto Network Firewall preferred), Juniper Switches, and wireless networking protocols.
• Knowledge with virtual environments (server virtualization and VDI)
• Knowledge of Microsoft Operating systems (Windows Server and Desktop), M365, Azure, EntraID
• Knowledge of Endpoint Detection and Response, NGSIEM/SIEM platforms, and securing cloud implementations.
• Working knowledge of information security frameworks – NIST CSF, CIS, PCI-DSS
• Knowledge of compliance and data privacy frameworks – GLBA, CCPA, GDPR, NIST
• Ability to produce accurate detailed systems documentation
• Effective interpersonal, verbal, and written communication skills
• Excellent time management skills with the ability to plan, prioritize, and manage multiple security related projects with daily tasks
• Self-motivated

PHYSICAL DEMANDS:

No unusual physical demands

WORKING CONDITIONS:

Basic office setting

VEVRAA Federal Contractor; Equal Opportunity Employer, including disability and veteran