Purpose of the Job
The Information Security Analyst is responsible for identifying and responding to cyber security incidents to protect the information assets of the Credit Union. They seek out weaknesses of the Credit Union systems and infrastructure by analyzing data and recommending solutions to remove, reduce or mitigate risk.
Essential Functions and Responsibilities
- Performs administrative tasks for core security functions, such as firewall, VPN, Malware detection, Intrusion Detection and Prevention (IDS/IPS), Identity Management, Security Information and Event Management (SIEM).
- Ingests and interprets internal and external Cyber Threat Intelligence for determination of potential threat and impact, determines potential scope, and implements mitigations to defend the Credit Union systems and infrastructure.
- Monitors SecureWorks Manage, Detect, and Response services to prioritize and resolve findings across the Credit Union system infrastructure.
- Assists with vulnerability assessments and associated tracking and remediation of findings.
- Assesses new threat vectors, evaluating the effectiveness of current controls and utilizing intelligence analysis to create proactive mitigation around threats and vulnerabilities.
- Conducts research and review of the latest security trends, exploits, and patches for Credit Union systems, including zero-day patching.
- Monitors security on HQ and branch application servers, web servers, virtual infrastructures and networks (VMware, others), internal and external firewalls.
- Monitors security for LAN/WAN, wireless, VPN, and remote access for staff, Board of Directors and vendors.
- Monitors security for laptops and removable storage devices to ensure users are adhering to policies and procedures.
- Collaborates with cross-functional teams to prioritize and resolve information security findings.
- Contributes to the prevention of incidents by operationalizing threat intelligence to enhance or develop monitoring and detection strategies.
- Assists in developing and publishing information security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements such as NIST Framework, FFIEC, ISO 27001 or IT internal risk assessment.
- Assists in the ongoing review and improvement of the FFIEC Cybersecurity Risk Profile and Maturity Model.
- Assists in the preparation of the annual NCUA audit.
- Assists in the vendor management process to ensure best-in-class information security products, services and monitoring capabilities.
Other Duties and Responsibilities
- Assists with other tasks and projects as assigned.
Knowledge, Skills, and Abilities
- Must have working technical knowledge of current systems software, protocols, and standards, including the Microsoft operating system and TCP/IP protocol
- Must have extensive network administration knowledge
- Must have knowledge of security issues, techniques and implications across multiple platforms
- Must have knowledge of regulatory agencies’ policies, procedures and laws governing the security of data for financial institutions
- Must have knowledge of penetration testing principles, tools and techniques
- Must have excellent communication skills in English, both verbal and written
- Must be adept at reading, writing, and interpreting technical documentation and procedure manuals
- Must have ability to conduct research into software issues and products as required
- Must have proven analytical and problem-solving abilities
- Must be able to evaluate systems and procedures, implementing efficiency enhancements
- Experience working in a team-oriented, collaborative environment preferred
- Must have ability to understand all business processes within the credit union
- Must be detail oriented and well organized
- Must be able to work in a general office environment
- Must be flexible and able to shift resources and priorities as required
- Must be able to complete all assignments with minimal supervision
- Should possess a strong commitment to providing excellent service to Truliant’s members
- Occasional standing, walking, bending, and stooping required
- Must be able to sit at a desk for long periods of time and use a computer
- Must be able to moderately lift or move up to 5 pounds and occasionally lift or move up to 10 pounds
Education and Background
- Bachelor’s degree required in Computer Science, Information Systems, Cyber Security or other related field; relevant work experience may be substituted for the education requirement.
- Must have up-to-date training and/or certification with related systems (CISSP, CISM, Security+ or CAP)
- Must have a minimum of 2 years of relevant professional experience in configuring, hardening and supporting cybersecurity systems
- Must have 2 years of experience configuring, hardening and performing vulnerability assessments of network products such as routers, switches and firewalls (Palo Alto and Juniper)