Senior Information Security Analyst

Position Summary:

The Senior Information Security Analyst implements and supports security policies and architecture to ensure the confidentiality, integrity, and availability of all Technology Credit Union’s (Tech CU’s) assets under the guidance of the Information Security Officer. This position contributes to protecting the Tech CU brand, customers, and its business operations. Success in this role requires a desire to work with a broad range of technologies in a small team to protect critical infrastructure.

Essential Duties

• Develops and implements security strategies and tools appropriate to business needs.  
• Works with system administrators and vendors; analyzes, recommends, plans and provisions appropriate types of security technology to meet security requirements. 
• Supports the implementation, administration, monitoring and continuous improvement of security architecture, technology processes and solutions including security information and event management, anti-malware, intrusion detection, data leak prevention and identity and password management solutions.  
• Ensures security options are properly configured, documented, tested and successfully executed to maximize the overall benefit for the organization in adherence to change management standards. 
• Conduct security analysis and monitor activities in cloud environments including, but not limited to, MS Azure and SaaS applications, and support the implementation of cloud security policies and best practices.
• Conducts security/risk assessments, day-to-day observation of security tools, vulnerability testing, and phishing tests; researches emerging threats, performs data analysis, prepares metrics, and reports and advises on mitigation controls.  
• Develops policies, procedures and standards that meet existing and newly developed policy and regulatory requirements including Federal Financial Institutions Examination Council (FFIEC), the Sarbanes-Oxley Act (SOX), and/or Payment Card Industry (PCI) guidance. 
• Advises stakeholders on Information Security initiatives, security operations, compliance, security awareness and training. 
• Identifies opportunities for efficiencies in information security tools, process and procedures. 
• Develops, maintains and tests incident response plans against variety of scenarios. Also participates on Incident response team for security incidents.
• Serves as project manager/lead within information technology (IT) security projects. 
• Provides support for internal and external audits and examinations. 

Work Schedule

• Full-time; typically 40 hours/week
• Flexible schedule within core business hours, Pacific Time, M-F
• Flexibility to occasionally work early or late hours, and extended weekend hours, typically with advance notice.

Workplace Essentials

• Supports Tech CU’s Mission and Vision and consistently demonstrates Tech CU’s Values (Accelerate, Collaborate, Innovate, & Cultivate).
• Meets with manager on a regular basis to discuss goal alignment, performance metrics, and development plans.
• Complies with Tech CU policies and procedures.
• Upholds employee Code of Conduct and Business Ethics and ensures confidentiality of the workplace.
• Complies with requirements imposed by federal, state and local regulatory agencies.
• Adheres to internal control and security measures designed to ensure regulatory compliance and mitigate losses and errors.

Education: B.S. Degree in Information Technology, Computer Science, emerging technologies or related technical/business discipline. Masters’ Degree helpful.

Experience:  5+ years’ professional, technical experience in the information technology or security field utilizing a mix of security technology such as:  Intrusion Detection and Prevention Systems (IDS/IPS), firewalls and log analysis, Security Information and Event Management (SIEM), network behavior analysis tools, antivirus and network packet analyzers, system administration, vulnerability and patch management, change and configuration management, digital forensics tools in an enterprise environment, cyber incident response activities in an enterprise environment.

Knowledge/Skills/Abilities:

• Advanced knowledge of the TCP and IP protocol suite, security architecture, DNS and remote access security techniques and products.
• Solid understanding of network security concepts and defense in depth.
• Solid familiarity with intrusion detection / protection, firewalls, and anti-virus systems.
• Solid understanding of cloud security architecture and best practices.
• Proven understanding of network protocols.
• Superior analytical skills.
• Strong organizational skills and the ability to handle multiple tasks concurrently.
• Solid ability to work well in a team environment.
• Good ability to document events and analysis in a clear and concise manner.
• Excellent balance as Individual Contributor and Team Player.
• Consistent self-starter who demonstrates initiative and is willing to assume responsibility.
• Strong verbal/written communication and data presentation skills, including an ability to effectively develop and communicate clear, thoughtful, and comprehensive analyses.
• Demonstrated ability to manage and prioritize workload and roadmaps.
• Strong ability to identify patterns in data and relay findings as value-added information to business owners.
• Strong problem solving skills, with a high level of attention to detail and organization.
• Highly adaptive and open to changes as the organization grows and its needs evolve.

Licensing/Certifications:  Certification such as GIAC Security Essentials Certification (GSEC), CompTIA Security+ or equivalents desired.

Travel:  May be required to travel occasionally to Tech CU locations outside of headquarters, typically with advance notice. May be required to occasionally attend offsite training, meetings or events, including some overnight travel, typically with advance notice.

Typical Working Conditions:  Office environment with interaction with a variety of internal and external parties. May work remotely as determined by business need and individual performance.

Equipment Used: Routinely uses standard office equipment, including computer, phone, copier and other devices.

Physical Requirements:

• Sitting for up to 85% of the day.
• Reading a computer screen and perform keyboarding tasks for up to 90% of the day
• Frequent speaking and listening to interact with team, management, vendors and authorities in person or via phone
• Mobility to attend meetings within office building and offsite.

EQUAL EMPLOYMENT OPPORTUNITY

Technology Credit Union is an Equal Opportunity Employer. All qualified employees and applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetic information, age, disability, veteran status or any other legally protected basis. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training.

This is a grade 108 position, with a salary range from $127,200 to $184,800 with bonus potential of 15%. The anticipated range for new hires is between the low-end and midpoint of the range, depending on experience. Tech CU is a pay-for performance organization that benchmarks base pay to the 50^th percentile of our market and we provide incentive-based compensation aligned with successful accomplishment of individual and corporate goals. The salary mentioned above is based on working in San Jose, CA. Salaries are based on the geographic location in which you live if working remotely.

Additionally, Tech CU provides health care benefits, life and disability insurance, 12 paid holidays and 401k with a company match; along with employee paid voluntary benefits. 7.08 Paid Time Off (PTO) hours accrue per bi-weekly paycheck (23 days per year) and will increase with length of service. Eight hours of Voluntary Time Off (VTO) are granted to full time employees annually to dedicate time to charitable organizations. Leaves of absences are available in adherence with state and federal regulations.