Be an early applicantLess than 25 applicants

Company

Golden 1 Credit Union · 1 day ago

IT - Info Sec Analysis and Investigation - Senior Information Security Analyst

Sacramento, CA

Full-time

Remote

Senior Level

$107K/yr - $120K/yr

5+ years exp

Maximize your interview chances

BankingFinance

Insider Connection @Golden 1 Credit Union

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Lead ongoing vulnerability management activities and identification of potential threats. Coordinate and direct technology staff in the identification and remediation of system vulnerabilities across the computing environment. Escalate any immediate and severe issues accordingly to the attention of the Manager – Information Security and appropriate reporting to senior leadership.

Maintain, improve, and develop vendor supported and customized organizational processes supporting information security monitoring of asset, patch, network, vulnerability, change and configuration management.

Prepares for and participates in threat hunting and security incident response activities. This includes working with Golden 1 IT and Information support teams to develop response readiness.

Provide consultative support for technical and non-technical Golden 1 projects and initiatives requiring Information Security oversight to ensure policies, procedures and standards are met

Define and evaluate functional requirements and specifications of security systems for both internal and external business environments.

Partners with IT Development and Support teams to ensure appropriate procedures and processes are in place to provide optimal security monitoring of on-premises and cloud system environments as well as in establishing and managing a functional anti-virus/malware/DLP policy.

Monitor, measure, test and report on the effectiveness and efficiency of information security controls as well as compliance with information security policies and procedure.

Recommend new security solutions as well as effective improvements to existing security controls that do not negatively impact business innovation.

Train colleagues on new Tactics, Techniques, and Procedures (TTP) of cyber-attacks and mentor junior teammates.

Keep management updated on outstanding issues that are not resolved in a timely manner in accordance with established escalation procedures.

Work with internal and external auditors during examinations providing support and assistance in addressing audit recommendations.

Maintains a thorough understanding of state and federal laws and regulations related to credit union compliance including bank secrecy and anti-money laundering laws appropriate to the position.

Performs other job-related duties as necessary.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Information SecurityVulnerability ManagementIncident ResponseSIEMNIST Cybersecurity FrameworkMalware AnalysisOperating SystemsCyber Threat IntelligenceCloud SecurityCertifications CEHCertifications Security+Certifications etc.Network SecurityRisk AssessmentChange ManagementConfiguration Management

Required

Bachelor of Science in Computer Science, Management Information Systems, Information Security Information Assurance, or equivalent industry experience.

Minimum of 5 years or more hands on experience in the management, configuration, administration, installation, and evaluation of network or operating systems software (Microsoft, Linux desired), hardware and applications.

At least 3 years’ experience in organizational information security, information assurance or providing security consulting services.

Demonstrates strong ability to investigate, handle and track incidents, analyze incident logs, assess malware, and understand vulnerabilities and exploits, along with strong operating systems knowledge.

Working knowledge in SIEM, intrusion detection and prevention systems (IDS/IPS), threat intelligence platforms and security orchestration, automation, and response (SOAR) solutions to centralize and manage incident and remediation workflow.

Applicable knowledge of adversary tactics, techniques, and procedures (TTPs), MITRE ATT&ACK framework, CVSS, open-source intelligence (OSINT) and deception techniques.

Applicable knowledge of the NIST Cybersecurity Framework (CSF).

Demonstrates working knowledge of information security principles, risk assessment methodologies, security system standards including but not limited to network topology threats, vulnerabilities, filtering, tunneling, authenticating, access control, cryptography, system, and network hardening.

Demonstrates working knowledge of business, network systems, hardware concepts, and applications including DNS, authentication, virtualization, Database design/hardening, E-mail/secure messaging, Data Loss Prevention, and end point protection.

Strong sense of ethics, integrity, trustworthiness, and high level of professionalism.

Demonstrates the ability to articulate methodologies and concepts; communicate effectively in providing technical guidance and expertise to management and other staff.

Possession of a valid California Driver’s License is required.