Information Security Engineer

Date posted:

Department:

Information Technology

Location:

Long Island City (HQ) - Queens, NY

Description:

This position is responsible for assisting the AVP, Enterprise Security with the research, development, implementation and maintenance of systems, solutions, and technologies that ensure the confidentiality, integrity and availability of the organization’s systems as well as member, employee and corporate data / information.

An Information Security Engineer has broad expertise in information security concepts, practices and procedures, and expertly performs a variety of complex applications and infrastructure-security related tasks with minimal guidance. Engineers at this level typically work on complex organization-wide, high impact computer programs, systems and/ or projects, deployed with the objective to mitigate risks to the organization.

Accountabilities:

Maintains an understanding of all the systems, solutions, and technologies administered and implemented by the Credit Union for the purpose of Information Security. The systems and technologies include but not limited to Firewalls, Web Application Firewall, Anti-Malware/ Virus, DDoS, Remote Access, IPS, SIEM, DLP, Encryption, Vulnerability Scanning, Content Filtering, etc.

Performs analysis of system logs to identify unauthorized use or access.

Provides in-depth support for information security incidents including internal violations, hacker attacks, malware/ virus, and system outages.

Ability to perform organization wide security risk assessment, including applications used.

Prepares and periodically updates information security policies, architectures, standards, and/or other technical requirement documents.

Develops detailed proposals and plans for new information security systems that would enhance or enable new capabilities for network or host systems.

Recommends and evaluates security tools to identify more efficient and effective security measures.

Addresses and handles higher functions and sensitive administrations, escalated beyond the Information Security Administrators’ scope.

Serves as a resource to the organization in the realm of security and data for any and all projects and advice needed in the advancement of ensuring the security, integrity and availability of the organization’s member, staff and corporate information.

Remains current and proactive with technologies and trends pertaining to the Information Security field.

Interfaces with Information Technology (IT) staff and end-users regarding the development of security specifications. Consistently seeks to identify and implement solutions, which result in increased security and security awareness for the entire organization.

Research, analyze, maintain, document, recommend, and implement specific software and security applications and solutions. Modify processes and procedures to protect against and resolve network and end-user security problems to preserve a high level of security.

Implements and maintains all components of information security requirements for UNFCU Disaster Recovery and Business Continuity plan.

Advises and assists departmental users in defining security issues, requirements and solutions for new and existing products and applications.

Interacts with auditors, examiners, and other regulatory agencies.

Communicates and reports issues, status, and results to management.

Performs such other tasks as may be assigned by the AVP, Enterprise Security, SVP - Finance or the President and CEO.

Qualifications:

An incumbent in this position must be familiar with standard concepts, practices, and procedures within the Information Security field as well as the skills and abilities to fulfill the accountabilities described in this document. A typical pathway to obtaining the requisite knowledge and skills is graduation from a four-year college or university with a degree in Information Technology, Computer Science / Engineering, Computer Management Information Systems, or related Information Security field. A minimum of five years of experience with implementation of computer systems and about three years in the information security field is a requirement. This position requires a strong understanding of applicable business systems, industry trends and an understanding of a layered security approach. The position requires the ability to troubleshoot and prioritize work with minimal assistance. This position also requires experience with stateful inspection firewalls establishing site to site and client to site VPN’s, anti-virus, URL filtering, network security monitoring, IDS/IDP, NAC, Information Security compliance and regulatory requirements. Must possess leadership ability and have proven history of directing others and acting as project manager.

A graduate degree in the relevant subject is highly preferred.
At least one of the following technical certifications is required: CISSP, GIAC, Firewall Certification, CEH, or equivalent recognized industry certifications. CCSA or CCSE certifications highly desired.