Information Security Engineer - Wausau, United States - Connexus Credit Union
4 weeks ago
Description
Information Security Engineer page is loadedInformation Security Engineer
Apply
locations
Remote
time type
Full time
posted on
Posted Yesterday
job requisition id
JR1270
Connexus Credit Union - Who We Are:
Serving members across all 50 states, Connexus Credit Union is a member-focused cooperative that is proud to return profits to member-owners through high yields for checking accounts and deposit products, as well as competitive rates for personal, home, and auto loans.
From its early beginnings on through the years, Connexus has remained a strong, growing, and secure financial institution that remains committed to serving the financial needs of our member-owners across the country.
Connexus offers an Amazing Benefits package:25 days of paid time off and 7 paid holidays16 hours of paid Volunteer Time Off
401K Retirement with up to 6% employer match
Excellent Health, Dental, Vision insurance, including multiple plan options
Health Savings Account with generous employer contributions
Employer paid Life insurance, Short-Term and Long-Term Disability
Tuition Reimbursement from $4,000 - $7,000 per calendar year
Robust Learning and Development program that includes an annual professional development stipend
Connexus has a Values-Based Culture :
Our Values of
Integrity, Respect, Transparency, Wellbeing
and
Synergy
aren't just words on a page; our values dictate the actions of the organization and everyone within it. We demonstrate our values in every personal interaction, phone call, and email ‐ every day.
About the Role:
The Information Security Engineer will design, implement, and maintain security systems and controls to ensure the confidentiality, integrity, and availability of computer networks, systems, and applications.
The Information Security Engineers job requirements include but are not limited to designing, implementing, operating, and monitoring of the enterprise security solution stack; support ongoing information security initiatives; analyze, verify, and track information technology risk and facilitate the remediation of identified vulnerabilities.
The Information Security Engineer is a member of the Information Security team and reports to the Manager of Information Security.
This position will work closely with the broader Business Technology (BT) team and key business stakeholders across all departments to support a comprehensive information security program.
This includes ensuring the compliance to defined security policies, processes, and standards.As a member of the Information Security team, the Information Security Engineer will elevate the Information Security program by utilizing "secure-by-design", "defense-in-depth", and "least-privilege" practices in support of cybersecurity best practices, industry standards, frameworks, regulations, policies, and procedures.
Responsibilities:
Security Architecture & Engineering: 50% of typical work volume
Guide the evaluation of cybersecurity products, principles, processes, and controls to ensure effective data protection.
Design, implement, and improve security protective controls, including monitoring, detection, and response infrastructure.
Conduct periodic reviews of deployed security technologies to ensure that the solutions continue to provide the intended protections efficiently and effectively.
Serve as an information security consultant on organizational project work and advise the business partners on the appropriate technology security controls.
Participate in business continuity and disaster recovery planning and testing.
Assist in the governance and monitoring of firewalls, intrusion detection systems, switches, and routers.
Maintain comprehensive security engineering documentation.
Security Governance, Risk & Compliance: 20% of typical work volume
Collaborate with the Compliance, Risk, and Audit teams.
Support the technology risk assessment process and control design with the goal of ensuring alignment with the organizations risk tolerance and risk profile.
Lead Cybersecurity vulnerability remediation efforts for network devices and systems.
Consolidate security related findings, tracks KPIs, and presents results to information security and appropriate business leaders.
Provides support in the investigation and remediation of potential threats and assists with general information system control reviews, risk, and vulnerability Assessments to identify weaknesses and assess the effectiveness of existing controls, recommends remedial action as needed.
Support activities to assess adherence to the information security policies and procedures.
Support security-based risk assessments of business and technology sponsored projects and initiatives, including engagements with third parties.
Interpret, monitor, and assess security systems and related projects for potential risks, violations, and adherence to the Information Security Program Standards which includes but not limited to: intrusion protection, secure file transfer, data loss prevention, email encryption, firewalls, log
management/correlation,
secure password storage/retrieval, application whitelisting, and
vulnerability management.
Coordinate regular penetration testing of systems and social engineering testing of staff.
Review, assess, and mitigate penetration tests and vulnerability assessments.
Ensure that alerts across all IT and/or security systems are configured in accordance to information security policy, standards, and procedures.
Lead the development, support, and monitoring the controls to protect data from accidental or unauthorized modification, destruction, or disclosure.
Lead the development, support and monitoring of the server, desktop, laptop and mobile device security controls.
Perform system security administration on various platforms, including operating systems, applications, and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines.
Create and maintain the internal documentation library, ensuring that procedures and other documentation is regularly updated to reflect the latest operational processes and requirements.
Participate on the Connexus incident response team and assist in the development and facilitation of the Cybersecurity Incident Response Plan in response to potential security incidents.
Responsibilities:
15% of typical work volume
Serve as an escalation point and mentor for junior staff to guide junior analysts and engineers on
implementing/monitoring
security controls.
Staying current with industry trends, identifying, and researching new technologies.
Work on projects that may be assigned on an ad hoc basis and may assist other corporate initiatives as necessary.
Identify and report opportunities for process improvements and solicit recommendations.
Establish and maintain effective relationships with managed service providers and other solution vendors.
Position Requirements:
This position is Remote.
Participate in operational support including on-call rotation.
Associate Degree in computer science, information systems, or technology field; or commensurate cybersecurity experience is Required.
5+ years of experience within cybersecurity experience is Required.
Experience in cloud environments and cloud security is Required.
Experience with securing Windows and Linux operating systems is Required.
Understanding of industry compliance standards and regulations (ISO, NIST, PCI DSS, SOC II Type 2, CIS, GLBA, CCPA, etc.) is Required.
Connexus Credit Union's Recent Recognitions:
2024 Best Credit Union – NerdWallet
2024 Best Credit Union – Bankrate
2023 Best-In-Class Employer - Gallagher
2023 Best Credit Union – Kiplinger
Fourth Largest Credit Union in Wisconsin (by asset size)
Equal Opportunity
Employer/Disabled/Veterans/41
CFR 60–1.4, 41 CFR
#J-18808-Ljbffr