It's an exciting time to be at Hanscom Federal Credit Union! As a member of our Information Security Department, you will join a dynamic team of purpose-driven individuals committed to delivering exceptional service to our members.
Who we are - Hanscom Federal Credit Union
- Members-first - our members are our top priority. We make business decisions with our members at the top of mind.
- Integrity - we're honest and committed to doing what's best for our members and our company. What is right isn't the same as what is easy.
- Teamwork - we are in this together and we all benefit from our success.
- Innovation - we identify new ideas for processes or products that will lead to positive changes and take the initiative to implement the changes.
- Empathy - we understand that communication starts by listening, understanding diverse perspectives, and caring about others' sustained success.
What we offer
- A full-time, permanent position that will reward you through an annual bonus program.
- Medical, Dental, Vision, FSA, 401(k), Student Loan Paydown, and paid Sick and Vacation time benefits.
- A flexible hybrid work schedule environment.
- We are committed to fostering career growth and development - when you join our organization it's not just a job.
- We look to develop your skills aligned to our business needs and help you progress in your career.
Who you are - Information Security Analyst 2
You are a dynamic, detail-oriented, intuitive person with the ability to develop relationships, build rapport and become a trusted team member. You are able to provide every employee or member you assist or support with a high level of service, have strong organization and multi-tasking skills, and are searching for a rewarding career where you are valued and respected.
What you'll do
- Responsible for monitoring the organization's Security Information and Event Management (SIEM) and network systems to address security alerts in a timely manner to mitigate cybersecurity threats.
- Responsible for the assessment and mitigation of security risks that impact information assets and recommend the appropriate security controls and measures to prevent security breaches.
- Responsible for monitoring the enterprise data loss prevention (DLP) system to ensure compliance with implemented policies to address data leakage and safeguard against unauthorized disclosure.
- Interface with business leaders on security initiatives and collaborate with IT and development on business projects to assess security requirements and ensure that controls are implemented according to security policies.
- Monitor and evaluate security configurations and baselines of infrastructure assets to maintain industry best practices and compliance of security operations and vulnerability management.
- Evaluate user access requirements for the organization's applications and external access to ensure protection against unauthorized access to infrastructure assets.
- Participate in security audits and investigations as required by regulators and external auditors to ensure necessary controls and processes are implemented to uphold the Confidentiality, Integrity and Availability of the organization's business obligation.
- Develop security risk assessment, documentation and reporting processes that align with NIST CSF and CIS Benchmark to analyze the effectiveness of the controls implemented.
- Performs other tasks or functions as required, requested, necessary or prudent from time to time.
Knowledge/Skills/Experience Required:
- 5-8 years of IT security, IT compliance or IT risk management or the equivalent combination of education and experience
- Experience in information security and systems monitoring, familiarity working with IT Security software, hardware, DLP and Incident Response
- Specific working knowledge and experience in the following work environments preferred:
  - SIEM
  - Data Loss Prevention
  - Microsoft Defender
  - Microsoft Purview
  - Vulnerability Scanning and Patch Management
  - Virus & Malware Protection
  - Advanced threat protection
  - Network Fundamentals
  - Firewall Rule Assessment
  - NIST CSF and CIS Framework
- Strong analytical, communication and documentation skills
- Highly organized and the ability to work independently.
- Ability to work on multiple projects and perform well under deadlines.
- Enthusiastic, flexible, willing to work in a team environment.
Education/Certifications/Licenses
- Bachelor's degree or equivalent security work experience
- Professional certifications such as CompTIA Network+ and CompTIA Security+ certifications preferred.
Equipment Used:
PHYSICAL REQUIREMENTS
Is able to bend, sit, and stand in order to perform primarily sedentary work with limited physical exertion and occasional lifting of up to 10 lbs. Must be capable of climbing / descending stairs in an emergency situation. Must be able to operate routine office equipment including computer terminals and keyboards, telephones, copiers, facsimiles, and calculators. Must be able to routinely perform work on computer for an average of 6-8 hours per day, when necessary. Must be able to work extended hours or travel off site whenever required or requested by management. Must be capable of regular, reliable and timely attendance.
WORKING CONDITIONS
Must be able to routinely perform work indoors in climate-controlled shared work area with minimal noise.
MENTAL AND/OR EMOTIONAL REQUIREMENTS
Must be able to perform job functions independently or with limited supervision and work effectively either on own or as part of a team. Must be able to read and carry out various written instructions and follow oral instructions. Must be able to complete basic mathematical calculations, spell accurately, and understand computer basics. Must be able to speak clearly and deliver information in a logical and understandable sequence. Must be capable of dealing calmly and professionally with numerous different personalities from diverse cultures at various levels within and outside of the organization and demonstrate highest levels of customer service and discretion when dealing with the public. Must be able to perform responsibilities with composure under the stress of deadlines / requirements for extreme accuracy and quality and/or fast pace. Must be able to effectively handle multiple, simultaneous, and changing priorities. Must be capable of exercising highest level of discretion on both internal and external confidential matters.
** Must be authorized to work in the US **
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)