Summary: Under the direct supervision of the Information Security Manager (Information Security Officer), this position provides advanced technical cybersecurity support to Noble Credit Union’s Information Security Program, including information security processes, information security policy/procedure review and development, evaluating, implementing, fine-tuning, monitoring information security systems, performing incident response, advanced threat analysis and threat hunting, vulnerability management, risk assessment, and participating in IT and business technology solution implementations by providing appropriate security advisory functions to ensure the protection and compliance of Noble’s information infrastructure, systems, and data in accordance with Noble Credit Union policies, cybersecurity best practices, privacy, financial and compliance regulations and requirements.
Essential Duties and Responsibilities:
Provide technical expertise and serve as senior cybersecurity expert while performing functions in all cyber security related matters to include but not limited to the following cybersecurity related areas of functions:
- Systems, network and internetwork security
- Data security and protection, securing data at rest and in-transit
- Cloud platforms and security, such as Microsoft Azure and related cloud applications, services, and cloud security, plus knowledge of other cloud services, SaaS, IaaS, PaaS in general.
- Supporting various enterprise security management practices and solutions, such as endpoint detection and response (EDR and XDR), SIEM, email protection, DLP, encryption, web filtering, IDS/IPS, and related.
- Security risk, compliance, and auditing assessments and functions, including PEN testing and social engineering assessment
- Vulnerability and patch management, risk mitigation and remediation
- Firewalls, remote access, general secure network topologies
- Identity access management strategies and methods
- Policies and procedures development and technical documentation
- Technical information security project management and execution
- Cybersecurity training and awareness
Collaborate with the Information Security Manager (Information Security Officer) on Information Security Program planning, strategies, operation functions and improvements, and project execution.
Recommend, evaluate, implement, maintain, and fine-tune computer security systems and technologies per the organization’s information security program, policies and regulatory compliance and requirements.
Perform advanced and complex threat analysis and threat hunting, resulting from alerting, monitoring, triaging and issue escalation, ensuring completeness of documentation.
Participate and provide security consultations or advice for technology solution projects, including solution evaluations, risk assessments, vendor SOC reviews and related project team or risk engagements to ensure security and compliance in solution design, implementation, and on-going usage.
Identify security risks, threats, vulnerabilities, trends and escalate or send appropriate data reports to management as necessary, including recommendations and leading mitigation and remediation efforts.
Perform incident response by following established IR runbooks and processes, including collection and analysis of logs and artifacts, forensic analysis, guiding remediation efforts, review and validation of recovered or remediated systems for potential secondary compromise or further threat activities.
Review, improve, or develop security policies, procedures, technical guides, and processes as appropriate to reflect current and future security requirements, ensure secure operational practices, and address compliance requirements.
Provide lead technical cybersecurity and risk guidance, consultation, and support to other information security analysts as well other teams, projects, and technology initiatives.
Ensure compliance with all safety, security and compliance programs including but not limited to BSA, AML, OFAC, Branch Security and Safety.
Perform all other related duties as assigned.
Supervisory Responsibilities:
This job has no direct supervisory responsibilities but will serve as senior technical lead and provide advanced technical expertise and guidance for other information security professionals and project teams as appropriate.
