IT Security Engineer

Description

Responsible for ensuring strong information security architecture, governance, and compliance, including guiding system/application owners and operators. Acts as a technical expert and lead in the enterprise-wide design of InfoSec engineering strategies. This position reports to the VP of Information Security.

LOCATION

Off-site Utah

SCHEDULE

Full Time

To be effective, an individual must be able to perform each job duty successfully.

  • Architects and designs unique technical solutions in accordance with security policies and procedures; knowledge of Information Security standards, best practices, methodologies, and processes associated with the information risk management industry. Cloud-based security is required.
  • Automate and manage enterprise vulnerability and web application program to prioritize vulnerability remediation and track through metrics.
  • Design and document complex IT security architecture to meet a strong information security posture, data security requirements, business objectives, and regulatory requirements.
  • Designs security and rules for data loss protection (DLP) and information rights management (IRM) solutions using cross functional business understanding with long-term strategic context for the Credit Union.
  • Design enterprise-wide strategies for identity and access management (IAM) solutions and processes.
  • Ability to move seamlessly between an expert hacker/attacker mindset and a security engineer/defender mindset in multiple strategic business functions to get tasks done in support of strategic initiatives.
  • Be on the leading edge with respect to a unique mastery of security threats (including web, mobile, and desktop applications), theories and techniques of vulnerability life cycle management, and to align their applicability to business initiatives and strategies.
  • Provide ongoing subject matter expertise and guidance as a recognized authority and “go-to” person to development, support, and infrastructure teams in multiple areas of information security specialization.
  • Act as a mentor and coach for other engineers and information security teammates. Participates in recruiting, interviewing, and hiring new talent.
  • Ability to scope and lead multiple teams and strategic projects.
  • Identify “critical” security issues and risks that may impact multiple or all business units and develop mitigation plans (holistic and highly innovative, not point solutions).
  • Identify, design and lead initiatives across groups and the credit union to implement corrective actions for identified security exposures.
  • Reviews and develops business metrics to gauge operational effectiveness of the Information Security Program.
  • Lead red team testing including developing and executing detailed test plans, analyzing risks, and reporting findings and recommendations.
  • Research, test, and deploy security processes and products to deliver objectives.
  • Coordinate and contract periodic security and risk assessments with third-party vendors for strategic credit union partners that affect critical measure delivery.
  • Proactively assess new and complex high-risk systems for security and data privacy to adapt, create or make security recommendations for the systems.
  • Coordinates, tests, and improves IT physical access controls and processes.
  • Designs security for scalable and redundant complex clusters of networked computers (physical servers, VMs, SAN and storage usage, networking equipment).
  • Update job knowledge by participating in educational opportunities, reading professional publications, maintaining personal networks of other industry professionals, and participating in professional organizations to maintain current market knowledge. Be perceived by external peers as a thought leader who translates expertise to develop creative solutions to organizational challenges.
  • Assists in security testing and preparing for audits and examinations.
  • Receiving, responding to, and handling after-hours calls exercising independent judgment to achieve objectives.
  • Performs other duties as assigned.

KNOWLEDGE, SKILLS, and ABILITIES

The requirements listed are representative of the knowledge, skills, and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.

Experience

  • 10+ years of experience in Information Security.
  • 5+ years in information technology.
  • In-depth experience and understanding of large-scale networks, competition, and proven ability to solve complex challenges facing the financial industry.
  • Experience with regulation compliance and meeting IT security controls standards (e.g., NCUA, FFIEC, Critical Security Controls, NIST, PCI, ITIL, ISO 27001).
  • Strong acumen with scripting (e.g., Perl, Python, Ruby, Shell script, JavaScript, PowerShell).
  • Exceptional experience and very detailed technical knowledge in at least eight of the following areas:
    • information security architecture,
    • web vulnerabilities (OWASP Top 10),
    • operating system (Microsoft Windows, Linux/UNIX, etc.), network security, and database security,
    • Active Directory, GPOs, DNS, DHCP, email security,
    • authentication and security protocols,
    • applied cryptography, encryption at rest, and SSL/TLS certificates,
    • security vulnerabilities and remediation techniques (e.g., penetration testing),
    • PCI compliance or assessments,
    • application layer security testing,
    • secure coding and code reviews for vulnerabilities,
    • cloud, SaaS, and virtualization security,
    • mobile application security,
    • security tools (including Kali Linux, vulnerability scanners, etc.).
  • Credit Union or banking experience is a plus.

Education

Four-year college degree or equivalent experience. Graduate level degree is a plus.

Licenses, Certificates, Registrations

Certifications from a recognized security body: CISSP, CEH, CISA/CISM, GIAC, OSCP, or CCNP/CCNA with a strong security background; CISSP preferred.

Computer/Office Equipment Skills

Advanced skills in Microsoft Office including Outlook, Word, PowerPoint, and Excel.

Managerial Responsibility

NONE

Other Skills and Abilities

  • Be able to identify possible significant security weaknesses in systems and processes outside of strictly assigned tasks and to strategically think to solve business problems.
  • Ability to clearly present in public to express and effectively communicate verbally in a manner appropriate for your audience including senior leaders.
  • Establish and maintain relationships with business and functional leaders.
  • Demonstrated ability to clearly express ideas in writing with graphic illustrations.
  • Is accountable for the analysis of initiatives, including impact, financial, and legal outcomes of programs.

PHYSICAL ABILITIES / WORKING CONDITIONS

Physical Demands

Ability to sit, talk, and hear consistently

Ability to use hands to handle or reach frequently

Vision Requirements

Close vision (clear vision at 20 inches or less)

Distant vision (clear vision at 20 feet or more)

Color vision (ability to identify and distinguish colors)

Ability to adjust focus (ability to adjust the eye to bring an object into sharp focus)

Weight Lifted or Force Exerted

Ability to lift up to 10 pounds consistently

Ability to lift up to 50 pounds occasionally

Noise Environment

Moderate noise (business office with computers and printers, light traffic)

***This Job is not eligible to be performed in Colorado or Connecticut, either remotely or in-person.***
