Cyber Security Engineer

Position Summary:

The Cyber Security Engineer is established as a technical position responsible to develop security for SDCCU’s systems and projects. It has the responsibility to implement and oversee security controls to protect the confidentiality, integrity, and availability of the SDCCU information assets. The employee should demonstrate broad security knowledge, independent thinking and analytical skills, the ability to maintain quality service standards set by the organization, and a willingness to partner with organizations outside the department.

Essential Duties and Responsibilities

• Design and assist with the implementation of firewalls and other intrusion detection systems

• Create new ways to solve security issues and evaluate new threats and vulnerabilities as well as new technologies and processes to enhance security capabilities

• Develop and implement security policies, standards, and procedures to address security requirements for confidentiality, availability, and integrity while enabling business processes

•  Develop scripts to automate monitoring and the handling of incidents

• Serve as an escalation point for complex and sensitive information security issues

• Supervise changes  to hardware and software to ensure security policies remain intact

• Assist with security design and architecture for applications and systems, ensuring business processes meet minimum information security requirements

• Provide guidance for system administration and maintenance for security tools, when necessary

• Perform security risk assessments for systems and provide written reports, including recommendations, for review by business owners and Security Steering Committee members.

• Implement and integrate security tools and controls and formulate a plan for testing and tracking metrics. Report results of testing to management team.

• Design and assist with the implementation of encryption key/digital certificate management

• Participate in security assessments and audits by responding to documentation and evidence requests as required

• Participate in vendor selection for security infrastructure

• Follow AML/BSA guidelines to identify and refer suspicious activity, perform OFAC comparisons, and identify individuals in accordance with branch procedures. Participate in AML/BSA compliance training as assigned.

Other Duties and Responsibilities

• Serve on security-related committees as required and lead technical security projects, using discretion when managing priorities

• Mentor and train team members and others who are essential to the success of the information security program

•  Provide 24X7 on-call support for after-hours security-related issues

Physical Demands and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is regularly required to use hands to finger, handle, or feel objects, tools, or controls and talk or hear.  The employee is frequently required to stand and reach with hands and arms.  The employee is occasionally required to walk; sit; climb or balance; and stoop, kneel, crouch, or crawl.

The employee must occasionally lift and/or move up to 25 pounds.  Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.

The noise level in the work environment is usually moderate.

Minimum Qualifications (Education, Experience, Skills)

• Bachelor’s Degree in Computer Science, Information Systems, or equivalent work experience and certifications

• Minimum 8 years relevant work experience

• Cloud and network security certifications required

• Certified Information Systems Security Professional (CISSP) preferred

• In depth knowledge of information security frameworks, principles, and practices

• Excellent verbal, written, analytical, organizational, and human relations skills

• Ability to operate in a self-directed manner with strong analytical and technical problem-solving skills

• Ability to work well in a team environment in support of organizational goals