United Federal Credit Union Senior Security Engineer in Niles, Michigan
Senior Security Engineer
Niles Corporate Building - Niles, MI
GENERAL SUMMARY(What is done and why)
The Senior Security Engineer will join a dynamic team of security professionals to identify and mitigate risk across the Credit Union environment, thus allowing for the enablement of business technologies. The Senior Security Engineer’s works collaboratively with other teams to identify risks with security impact to the company, communicate that impact to teams and management, and engineer solutions.
Primary duties include defining system security requirements, development of secure products and software tools used for design, and development and maintenance of infrastructure and platforms.Provides information assurance support for the development and implementation of security architectures to meet new and evolving security requirements. Other duties may also include, but are not limited to, managing and enforcing security policies, training and educating end-users on proper security practices, conducting security and risk assessments, mitigating risk via security controls, testing and evaluation to certify and accredit commercial security products, ensuring privacy of data throughout its lifecycle, vulnerability management (scanning, assessment, reporting, and mitigation verification), and business continuity and disaster recovery.
ESSENTIAL FUNCTIONS, IN PRIORITY ORDER(Majority of duties, but not meant to be all inclusive or prevent other duties from being assigned as necessary)
Participate in architectural reviews and break down the vision to technologies and services needed for protecting customer data and enabling internal and external users to do their work more accurately and efficiently. 25%
Evaluate any proposed technology solution for adherence to documented company standards, policies, and regulatory responsibilities, as well as, engineer and build enterprise solutions in support of the security program. 20%
Implement and continually improve the IT and security frameworks in order to integrate security into the long-term strategic vision of the credit union in support of overall business strategy and vision, including budgeting for short term and long-term security initiatives. Time: 15%
Serve as lead on business related and cross-functional projects managing time, cost, human and technical resources, and scope while ensuring that security policies, standards and procedures are implemented effectively within projects. Time:15%
Support developers and development teams with training and awareness around the secure development lifecycle. 10%
Serve in a supervisory capacity by participating in strategic and tactical planning, budget input, structured and unstructured training, as well as direction and guidance of staff. Time: 10%
Evaluate audit findings and collaboratively work with Risk & Compliance and Information Technology teams to arrive at balanced solutions where findings indicate recommended remediation steps. Time: 5%
EDUCATION(Minimum education required to perform the duties of this position)
Bachelor's degree in Computer Science or related field or two years of related work experience required.
EXPERIENCE(Minimum experience required to perform the duties of this position)
In additionto the education requirement:
Seven or more years direct experience in information security including security design, implementation, and consulting required.
10 or more years hands on experience installing, configuring and troubleshooting server, networking, and application environments required.
Two advanced security certifications such as CISSP, CISM, GIAC, CASP, etc. required.
Additionally, one advanced IT certification (MCSA, MCSE, CCNA, CCNP, etc.) is required.
Industry recognized project management certification preferred (CompTIA Project+, CAPM, PMP)
KNOWLEDGE, SKILLS AND ABILITIES(Minimum technical and communication skill levels and licenses/certificates normally required to perform the duties of this position)
Must be familiar with and have recent experience with security specific products such as SIEM, IDS/IPS, data loss prevention, application white listing, anti-virus, firewalls, MDM, proxies, etc.
Must have recent experience with various firewall products including CheckPoint, Juniper, Cisco, SonicWall, PaloAlto, etc.
Must demonstrate experience and proficiency with vulnerability scanning and assessment tools and methodologies.
Must be familiar with risk assessment methodologies and practices.
Understand regulatory compliance in the areas of Gramm-Leach-Bliley Act and PCI DSS.
Experience with project and time management methodologies.
Experience with and ability to present various technical and non-technical concepts to all levels of management within the organization.
Experience with Microsoft server products, Active Directory configuration as well as Cisco networking.
Dealing with Ambiguity
Drive for Results
Integrity and Trust
Analysis and interpretation of systems (hardware and software) used within the organization in order to implement system performance, security and efficiency standards.
Strong conceptual, practical application, and problem-solving skills and techniques.
Ability to identify needs and analyze appropriate options.
Ability to use good judgment and make sound decisions quickly.
Ability to work under pressure.
Ability to understand strategic objectives so that technology initiatives support and help drive the actions.
Ability to grasp the concepts of various technologies.
Tools and Equipment Used
Intrusion detection and prevention systems
Networking equipment (routers, switches, etc.)
Communication technologies (web, email, IM, etc.)
File, print and application server systems
Network management and monitoring tools
Personal Computers (desktop and laptops)
Workstation and networked peripherals
Scripting and policy configuration tools
Diagnostic and benchmarking utilities
Carry and respond to pager and/or cellular phone as determined by supervisor
WORKING RELATIONSHIPS/CONTACTS(Positions with which incumbent has frequent contact)
Daily, personal/written/phone contact with management.
Daily, personal/written/phone contact with Credit Union staff.
As necessary, personal/written/phone contact with strategic partners, vendors, auditors, and examiners.
PHYSICAL DEMANDS(Physical effort generally associated with this position)
Work involves standing and walking for brief periods of time, but most work is done from a seated position. There is potential for eyestrain from prolonged work at the computer. Individual must be able to travel to complete applicable assignments, projects and training. Deadlines, workloads and pressure to achieve goals may cause increased stress levels. Occasionally may be required to lift 50-100 pounds. Individual must be capable of maneuvering under and around office furniture.
WORKING CONDITIONS(Typical working conditions associated with this type of work and environmental hazards, if any, that may be encountered in performing the duties of this position)
Internal- Work is normally performed in climate controlled office environment, where exposure to conditions of extreme heat/cold, poor ventilation, fumes and gases is very limited. Noise level is moderate and includes sounds of normal office equipment (computers, telephones, etc). No known environmental hazards are encountered in normal performance of duties. Length of day is unpredictable; long hours may be required to accommodate deadlines, special meetings, and manage incidents.
External- Some travel is required; however, information on environmental conditions is not available.