Information Security Engineer III-Hybrid

The Information Security Engineer III implements and monitors information security program and controls. Investigates and manages information security incidents. Performs security monitoring, security and data/log analysis, and forensic analysis to detect security incidents and create incident response. Investigates and utilizes new technologies and processes to enhance security capabilities.

Establishes foundational security for staff, members, and partners through scheduled audits of policies and procedures. Identifies gaps for collaborative procedural change within IT and the business.
• Establishes and applies risk management principles for consistent tracking and measurement in compliance with industry standards.
• Supports a near-zero risk enterprise using telemetry from security incident and event management systems and solutions to maintain transparency of risks.
• Tests solutions effectively utilizing industry standard analysis methods. Delivers technical reports and other documentation concerning test results.
• Engineers' security solutions efficiently with a minimal technology footprint where possible. Manages vendor solutions and partnerships with discretion to ensure business and data privacy.
• Audits and reports on identity and access management to ensure a zero-trust framework for production and development business application systems.
• Collaborates with other IT and business teams on security program initiatives and resolves security related issues.
• Performs audits of computing platforms to ensure versioning and patching are compliant and current.
• Supervises changes in software, hardware, facilities, and user needs to ensure no degradation in security. Documents security control requirements for new and existing business systems.
• Revises IT related purchase specifications for software, hardware and services that interface with business and IT teams to ensure all system/program security interface controls are appropriate.
• Provides consistent security guidance that enables new products and solutions to be built securely while validating/measuring the efficiency of our security posture to include technology reviews, vulnerability, assessments, and technical business risk assessments.
• Defines specific Indicators of Compromise (IOC) that identify the potential impact of cybersecurity events. Incorporates lessons learned from analyzing and resolving cybersecurity and privacy incidents, including the emergence of new security threats. Develops Indicators of Exposure (IOE) to understand the potential attack vectors that attackers use.
• Works within and directly impacts their function, occasionally interacts with other departments.

Education

• Min/Preferred: Preferred
• Education Level: 4 Year / Bachelors Degree
• Description: Bachelor's Degree in related field or equivalent experience is required.

Experience

• Minimum Years of Experience: 4
• Preferred Years of Experience: 6
• Comments: Must have at least 4-6 years information security experience preferably in the financial services industry.

Disclaimer

Logix Federal Credit Union is an equal opportunity employer that does not discriminate in employment opportunities or practices on the basis of race, religion, color, sex, sexual orientation, gender identity, national origin, protected veteran or disability status, or any other status protected by law.