Apply on Employer Site

Compeer Financial · 2 months ago

Prin Security Analyst

MN-Mankato

Full-time

Hybrid

Senior Level, Lead/Staff

$103K/yr - $156K/yr

Compeer Financial is a member-owned cooperative focused on providing financial services to agriculture and rural communities. The Prin Security Analyst role involves creating and maintaining security programs to enhance the organization's security posture, providing guidance on information protection, and mentoring less experienced team members.

FinanceFinancial ServicesRentalRisk Management

Work & Life Balance

No H1B

Responsibilities

This position creates, implements and maintains corporate-wide security programs that assist in improving overall security posture of the organization

Provides guidance, assurance and information protection to maintain the confidentiality, integrity, and availability of Compeer critical resources

Contributes knowledge and expertise to ensure that information assets are protected and secure

In this position, you will guide solutions to promote secure business-to-business initiatives, third-part relationships, outsourced solutions and vendors

Provides mentorship and guidance to less experienced team members

Remains current with new security threats and assess systems and solutions to ensure they can defend the business

Researches capabilities of current and new disruptive solutions on the market and makes recommendations to security group on a consistent basis

Develops security team standards, policies, procedures and processes

Support and provide direction for use of technical systems, monitors for unusual and suspicious activity across a wide range of products, data centers, and cloud systems

Partners with Business Technology on security configuration standards for systems and business applications

Participates in technical and non-technical projects requiring information security oversight and to ensure policies and procedures are met

Provides cybersecurity guidance to leadership

Ensures that cybersecurity-enabled products or other compensating security control technologies or processes reduce identified risk to an acceptable level

Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan

Implements security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed

Analyzes and reports system security posture trends

Analyzes cyber defense policies and configurations and evaluates compliance with regulations and organizational directives

Prepares audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions

Leads the Incident Response Team during activations for security or operational events

Coordinates, leads and conducts adversary simulation, hunt teaming, assumed breaches and whitebox penetration tests

Develops and executes attack plans, scripts, tools and methodologies to strengthen the offensive operations

Plans and coordinates the delivery of classroom techniques and formats (e.g., lectures, demonstrations, interactive exercises, and multimedia presentations) for the most effective learning environment

Qualification

CISSP certificationRisk managementCloud computingVulnerability testingSecurity architectureIncident responseSecurity InformationEvent Management (SIEM)Amazon Web Services (AWS)Microsoft AzureAnalytical skillsTraining principlesCommunication skillsMentorship

Required

Bachelor's degree in security management, cybersecurity, computer science, management information systems, or business with technical training in networking, technical support or security or an equivalent combination of education and experience sufficient to perform the essential functions of the job

Expert-level experience in physical asset security, information technology, risk management, security services, or infrastructure technology

Ability to adapt and stay a step ahead of cyber attackers and stay up to date on the latest attack methods

Expert experience driving measurable improvement in monitoring and response capabilities at scale

Expert ability to identify and resolve problems, utilizing strong analytical skills

Advanced experience in cloud computing technologies, including software, infrastructure and platform-as-a-service, as well as public, private and hybrid environments

Expert knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to endpoint detection and response (EDR), threat intelligence platforms, data loss prevention (DLP), security automation and orchestration, deception technologies, application controls, and other network and system monitoring tools

Experience with purple teaming (red and blue) to train, identify and remediate issues cohesively

Advanced experience with Amazon Web Services (AWS) or Microsoft Azure

Expert experience conducting risk analysis to protect the business and adhere with compliance requirements and privacy laws

Expert experience with vulnerability and penetration testing engagements

Advanced knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)

Expert knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities

Knowledge of multiple cognitive domains and tools and methods applicable for learning in each domain

Knowledge of media production, communication, and dissemination techniques and methods, including alternative ways to inform via written, oral, and visual media

Knowledge of training and education principles and methods for curriculum design, teaching and instruction for individuals and groups, and the measurement of training and education effects