Direct Federal Credit Union

Cybersecurity Engineer

$80K - $110K *
Finance & Insurance
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in a relevant field such as Information Systems or Computer Science.
  • 3-5 years of experience in information security, SOC operations, or incident response.
  • Hands-on knowledge of incident response practices including triage and recovery.
  • Familiarity with regulatory requirements in financial services such as GLBA, PCI DSS.
  • Experience with security monitoring tools and alert tuning.

Responsibilities

  • Monitor security tools and triage alerts to assess risk.
  • Investigate suspicious activities and document findings in tickets.
  • Execute containment and recovery actions in collaboration with IT teams.
  • Collect incident evidence and support forensic investigations.
  • Develop and improve incident response playbooks and conduct post-incident reviews.
  • Tune detections and recommend improvements to alert logic.
  • Support vulnerability response by coordinating remediation for critical findings.

Benefits

  • Opportunity to work with cutting-edge security technologies.
  • Chance to develop and refine incident response skills with real-world scenarios.
  • Engagement in continuous learning to stay ahead in the cybersecurity field.
  • Collaborative environment with inter-departmental and external partnerships.

Full Job Description
Role Accountability

In this role, you will support the Credit Union's cybersecurity operations with a primary focus on incident response by monitoring for threats, triaging alerts, investigating suspicious activity, coordinating containment and remediation, and partnering with internal teams and our managed detection and response (MDR) provider to reduce risk and improve resilience.

Specific Accountabilities
  • Monitor security tooling (e.g., SIEM, EDR, email/web security, firewall/VPN logs) and triage alerts to determine scope, severity, and required response actions.
  • Investigate suspicious activity by analyzing logs and telemetry, correlating events across systems, and documenting findings in tickets and incident records.
  • Execute incident response actions (containment, eradication, and recovery) in partnership with IT and application teams, including isolating hosts, blocking indicators, and supporting remediation.
  • Collect and preserve incident evidence (logs, timelines, indicators) and support forensic activities as needed while maintaining chain-of-custody expectations.
  • Develop, maintain, and improve incident response playbooks and procedures; participate in tabletop exercises and post-incident reviews to drive corrective actions.
  • Tune detections and reduce false positives by partnering with tool owners; recommend improvements to alert logic, correlation rules, and response automation.
  • Support vulnerability response by validating exposure, tracking remediation, and coordinating patching or mitigating controls for critical findings.
  • Coordinate with internal teams and external partners (our MDR provider, technology vendors, and, as directed, law enforcement) during investigations and response activities.
  • Implement and validate security changes that support incident response outcomes (e.g., blocks, access adjustments, segmentation changes) and follow through on hardening items identified during investigations.
  • Participate in an incident response on-call rotation (as required), provide timely escalation and status updates to stakeholders, and support incident communications aligned to severity and business impact.
  • Leverage frameworks such as MITRE ATT&CK and perform light threat hunting (hypothesis-driven investigations) to proactively identify malicious activity and validate control effectiveness.
  • Stay current on the threat landscape, attacker techniques, and incident response best practices; recommend process and control improvements based on lessons learned.
Requirements

Knowledge, Skills and Abilities

  • Strong problem solving and analytical skills; must possess the ability to make quick decisions and use good judgment during incident response.
  • Strong verbal and written communication skills; can clearly and confidently communicate information security concepts to all areas of the business.
  • Highly adaptable to a constantly changing business and technology environment.
  • Familiarity with regulatory and legal security standards and requirements relevant to financial services/credit unions such as GLBA, NCUA, FFIEC guidance, PCI DSS, and Sarbanes-Oxley (as applicable).
  • Hands-on knowledge of incident response practices (triage, investigation, containment/eradication, recovery) and the ability to follow and improve playbooks and procedures.
  • Ability to analyze security telemetry (Windows/Linux logs, firewall/VPN logs, DNS, proxy, authentication logs) to identify indicators of compromise and suspicious behavior.
  • Experience with security monitoring and detection tools (e.g., SIEM queries/dashboards, endpoint detection and response) and familiarity with alert tuning and correlation concepts.
  • Knowledge of Identity and Access Management concepts (MFA, privileged access management) and common investigation points for authentication-related incidents.
  • Familiarity with data protection controls (e.g., DLP) and how to investigate and respond to potential data exposure events.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk) and how incidents impact business risk.
  • Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of network traffic analysis concepts (tools, methodologies, processes), including basic packet capture/analysis and web filtering technologies.
  • Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
  • Working knowledge of networking fundamentals used in investigations (TCP/IP, DNS, HTTP/S, routing, VPN concepts) and common attacker techniques in enterprise environments.
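The telemetry-analysis and alert-tuning skills listed above (authentication log analysis, correlation rules, false-positive reduction, ATT&CK-mapped hunting) can be made concrete with a small correlation rule. The following is an added illustration, not code from the job posting or from Direct Federal Credit Union: it flags a successful login preceded by a burst of failures from the same source against the same account (ATT&CK T1110 Brute Force leading to T1078 Valid Accounts), and shows the two tuning knobs a SOC engineer typically adjusts, the failure threshold and a source allowlist for known scanners. The log format, field names, the `svc-scan` account, the IP addresses and the thresholds are all constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events (not real telemetry from any system).
# Lines use a simplified key=value form; in practice a SIEM would normalise
# Windows 4625/4624 events or sshd messages into the same three fields.
SAMPLE_LOGS = """\
2024-05-01T09:00:01Z auth result=FAIL user=jsmith src=203.0.113.10
2024-05-01T09:00:03Z auth result=FAIL user=jsmith src=203.0.113.10
2024-05-01T09:00:05Z auth result=FAIL user=jsmith src=203.0.113.10
2024-05-01T09:00:07Z auth result=FAIL user=jsmith src=203.0.113.10
2024-05-01T09:00:09Z auth result=FAIL user=jsmith src=203.0.113.10
2024-05-01T09:00:40Z auth result=OK user=jsmith src=203.0.113.10
2024-05-01T09:05:00Z auth result=FAIL user=adoe src=198.51.100.7
2024-05-01T09:05:02Z auth result=OK user=adoe src=198.51.100.7
2024-05-01T10:00:00Z auth result=FAIL user=svc-scan src=192.0.2.50
2024-05-01T10:00:02Z auth result=FAIL user=svc-scan src=192.0.2.50
2024-05-01T10:00:04Z auth result=FAIL user=svc-scan src=192.0.2.50
2024-05-01T10:00:06Z auth result=FAIL user=svc-scan src=192.0.2.50
2024-05-01T10:00:08Z auth result=FAIL user=svc-scan src=192.0.2.50
2024-05-01T10:00:10Z auth result=FAIL user=svc-scan src=192.0.2.50
2024-05-01T10:00:12Z auth result=OK user=svc-scan src=192.0.2.50
2024-05-01T11:00:00Z auth result=FAIL user=bkim src=203.0.113.77
2024-05-01T11:00:02Z auth result=FAIL user=bkim src=203.0.113.77
2024-05-01T11:00:04Z auth result=FAIL user=bkim src=203.0.113.77
2024-05-01T11:00:06Z auth result=FAIL user=bkim src=203.0.113.77
2024-05-01T11:00:08Z auth result=FAIL user=bkim src=203.0.113.77
2024-05-01T11:30:00Z auth result=OK user=bkim src=203.0.113.77
"""


def parse(line):
    """Parse one constructed log line into a dict with a datetime under 'ts'."""
    ts, _source, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def correlate(lines, threshold=5, window=timedelta(minutes=10), allowlist=frozenset()):
    """Flag a successful login preceded by at least `threshold` failures from the
    same source IP against the same account inside `window` (ATT&CK T1110
    followed by T1078). Returns (alerts, suppressed): `suppressed` holds hits that
    matched the rule but came from an allowlisted source, so the tuning decision
    remains visible during review instead of silently discarding the event.
    """
    recent_failures = defaultdict(deque)  # (src, user) -> timestamps of failures
    alerts, suppressed = [], []
    for ev in (parse(line) for line in lines if line.strip()):
        key = (ev["src"], ev["user"])
        fails = recent_failures[key]
        # Expire failures that fell outside the window before this event.
        while fails and ev["ts"] - fails[0] > window:
            fails.popleft()
        if ev["result"] != "OK":
            fails.append(ev["ts"])
            continue
        hit = {"user": ev["user"], "src": ev["src"], "failures": len(fails),
               "success_at": ev["ts"].isoformat(), "technique": "T1110 -> T1078"}
        if len(fails) >= threshold:
            (suppressed if ev["src"] in allowlist else alerts).append(hit)
        fails.clear()  # a success resets the counter for this (src, user) pair
    return alerts, suppressed


if __name__ == "__main__":
    # 192.0.2.50 is the (constructed) address of an authorised vulnerability scanner.
    found, muted = correlate(SAMPLE_LOGS.splitlines(), allowlist={"192.0.2.50"})
    for a in found:
        print("ALERT", a)
    for s in muted:
        print("SUPPRESSED (allowlisted scanner)", s)
```

On the sample data the rule fires once, for `jsmith` (five failures then a success within 31 seconds); `adoe` is a single typo before a success and stays below the threshold, `bkim` succeeds 30 minutes after the failures so the window has already expired, and the scanner account is reported under `suppressed` rather than dropped. Raising the threshold to six would silence the `jsmith` case and keep only the scanner, which is the kind of trade-off a tuning review should document with a ticket rather than decide by editing the rule alone.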

Education and Experience
  • Bachelor's degree in Information Systems, Information Technology, Management Information Systems, Computer Science, Computer Engineering, or related field.
  • 3-5 years of experience in information security, SOC operations, or incident response, including hands-on investigation and response to security events.
  • Professional certifications preferred: Security+, CySA+, GCIH/GCIA (or similar), or CISSP/CCSP (a plus).

About Direct Federal Credit Union

Direct Federal Credit Union is a federally chartered credit union based in Needham, Massachusetts. It was founded in 1953 and has grown to serve over 25,000 members. The credit union offers a range of financial products and services, including checking and savings accounts, loans, mortgages, and credit cards. Direct Federal Credit Union is committed to providing its members with personalized service and competitive rates. The credit union is also actively involved in the local community, supporting a variety of charitable organizations and initiatives.
Size
120 employees