Connexus Credit Union

Senior Information Security Analyst

  • US
    Wisconsin, United States

About

Connexus Credit Union - Who We Are: Serving members across all 50 states, Connexus Credit Union is a member-focused cooperative that is proud to return profits to member-owners through high yields for checking accounts and deposit products, as well as competitive rates on our loans. We are a remote first employer with the majority of our employees residing in the upper Midwest. As an employer we foster collaboration and high performance to achieve excellence. We holistically care for and develop our employees to thrive personally and professionally. We are proud to share our success with our employees and those we serve.

Connexus offers an Amazing Benefits package:

25 days of paid time off and 8 paid holidays

16 hours of paid Volunteer Time Off

401K Retirement with up to 6% employer match

Excellent Health, Dental, Vision insurance, including multiple plan options

Health Savings Account with generous employer contributions

Employer paid Life insurance, Short-Term and Long-Term Disability

Tuition Reimbursement from $4,000 - $7,000 per calendar year

Robust Learning and Development program that includes an annual professional development stipend

Responsibilities:

Security Operations & Administration

Investigate security alerts escalated by junior analysts/SOC/MDR

Serve as third escalation point for 3rd party SOC/MDR provider and level 1 analysts

Perform investigative forensics to collect and retain evidence(s) related to security incidents

Perform quality assurance on security alerts worked by security analysts to ensure proper evidence is collected, documented, and processed

Identify and assist security engineering with tuning to improve detection engineering capabilities and reduce security alert false positive rate(s)

Oversee development and maintenance of security incident response runbooks/playbooks based on historical security incident investigations and latest best practices for various threat type(s)

Perform vulnerability remediation activities in partnership with IT operations team(s)

Perform metrics and report generation based on security threats and other activities as needed

Lead the investigation and remediation of potential threats as part of Cyber Incident Response Team (CIRT)

Provide threat and vulnerability analysis as well as security advisory services for various systems/applications

Support the technology risk assessment process and control design in partnership with GRC team

Lead Cybersecurity vulnerability remediation efforts for network devices and systems

Interpret, monitor, and assess security systems and related projects for potential risks, violations, and adherence to the Information Security Program Standards

Ensure that alerts across all IT and/or security systems are configured in accordance with information security policy and processes

Perform threat and vulnerability assessments, in some cases followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities

Act as the front line of defense protecting Connexus members, employees, assets, and brand from threat actors

Assist with the development, support, and monitoring of the controls to protect data from accidental or unauthorized modification, destruction, or disclosure

Assist with the development, support and monitoring of the server, desktop, laptop and mobile device security controls

Perform system security administration on various platforms, including operating systems, applications, and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines

Assist in the design, implementation, management, and documentation of security technologies deployed by Connexus: Anti-Malware, XDR, SIEM, Firewalls, IDS, IPS, Web filtering, and other security-related solutions

Create and maintain the internal documentation library, ensuring that procedures and other documentation are regularly updated to reflect the latest operational processes and requirements

Assist enterprise customers in adoption of security tools and procedures

Monitor, detect, and respond to security events and incidents that affect the organization

Investigate detected events when the Managed Security Service Provider (MSSP) or a Connexus Security Analyst escalates an incident

Participate on the Connexus incident response team and assist in the development and facilitation of the Security Incident Response Plan in response to potential security incidents

Design, implement, and report on security systems and end user activity audits

Measure the efficacy of alerts and alert processes to filter out the noise and improve operational response

Security Governance, Risk & Compliance

Assist and support federal exam/3rd party audit efforts by gathering and compiling requested evidence(s)

Assist and support audit/exam finding remediation activities and adhere to committed timelines for resolution in partnership with GRC and internal audit team(s)

Assist and support rollout of technical hardening controls (CIS benchmarks, golden image mgmt., secure environment configurations, etc.) driven by internal policy and compliance initiatives

Report on technical control gaps across applications/systems and assist in driving remediation efforts via IT Exceptions process

Support the technology risk assessment process with the goal of ensuring alignment with the organization's risk tolerance and risk profile

Assist in developing and delivering security awareness training, development of information security documentation and the maintenance and testing of disaster resiliency strategies and procedures.

Support activities to assess adherence to the information security policies and procedures

Support security-based risk assessments of business and technology sponsored projects and initiatives, including engagements with third parties

Assist with general information system control reviews, risk, and vulnerability assessments to identify weaknesses and assess the effectiveness of existing controls, and recommend remedial action as needed

Advise and support the VP, Information Security with defining specific information security controls and policies

Ensure infrastructure, applications and data security/privacy controls are maintained in compliance with regulatory policies

Security Architecture & Engineering

Assist and support system design and implementation for security programs and tooling

Assist and support workflow, process, and procedural development and maintenance efforts relating to security tooling and initiatives

Provide Information Security guidance through all phases of a project when identified as a necessary resource to design/build/run, improve or maintain software, systems and processes

Conduct periodic reviews of deployed security technologies to ensure that the solutions continue to provide the intended protections efficiently and effectively

Develop automation to drive operational efficiency across SecOps tooling

Other Responsibilities

Provide mentorship and coaching to L1/2 security analysts

Perform continuing education as needed on latest security threats, best practices, and emerging technologies

Stay current with industry trends, identifying and researching new technologies

Work on projects that may be assigned on an ad hoc basis and may assist other corporate initiatives as necessary

Assist business continuity and disaster recovery testing efforts across the business

Identify and report opportunities for process improvements and solicit recommendations

Position Requirements:

This position is Remote.

Bachelor's degree or commensurate experience is Required

One or more of the following security certifications is Required: GSEC, GCLD, CISSP, CISA, GCIH, Security+

5+ years of Security Engineer/Security Analyst experience is Required

Experience with securing Linux operating systems is Required

Understanding of industry compliance standards and regulations (ISO, NIST, PCI DSS, SOC II Type 2, CIS, GLBA, CCPA, etc.) is Required

Availability to work an on-call rotation, approximately one week a month, is Required

Connexus Credit Union's Employer Recognitions:

2024 Best in Class Employer, Gallagher

2025 Best Place to Work in IT, Computer World

Equal Opportunity Employer/Disabled/Veterans/41 CFR 60-1.4, 41 CFR 60-1.35

Ideal skills

  • Network Security
  • Firewalls
  • IDS
  • Automation

Professional experience

  • Cyber Security Specialist
  • Security Analyst
  • Security Architect

Language skills

  • English