Information Security Engineer II

OnPoint Community Credit Union

$85K — $115K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3+ years of information security experience or 6+ years in information systems, preferably in financial services
  • Able to obtain a relevant security certification within six months (e.g., CEH, OSCP, PenTest+, SC-200)
  • Bachelor's degree in a related field or equivalent experience
  • Advanced computer skills with practical knowledge of computing systems and software
  • Demonstrates conduct aligned with corporate values

Responsibilities

  • Establish risk management principles for tracking and compliance
  • Act as a security engineering advisor for tech initiatives
  • Ensure end-to-end security with various monitoring tools
  • Conduct risk-analysis simulations and communicate findings
  • Support a near-zero risk enterprise with telemetry data
  • Engineer efficient security solutions with minimal tech footprint
  • Audit identity/access management to maintain a zero-trust framework

Benefits

  • Access to professional development and training resources
  • Opportunity to work with cutting-edge security technology
  • Collaborative environment focused on innovative security solutions
  • Engagement with reputable security organizations and communities
  • Supportive company culture aligned with corporate values
Full Job Description
SUMMARY:

Implements and monitors information security programs and controls. Ensures protection of technology and the business against unauthorized access, disclosure, modification and deletion of information. Completes a variety of audit, reporting, information program, policy, procedure, technology and incident mitigation tasks.

ESSENTIAL DUTIES AND RESPONSIBILITIES:
    • Establishes and applies risk management principles for consistent tracking and measurement in compliance with industry standards.
    • Performs as a security engineering technical advisor for all technology initiatives to ensure program conformance.
    • Ensures end-to-end system and data security through the use of perimeter threat event reporting, data loss prevention and anti-spam/anti-virus and phishing simulation solutions.
    • Performs risk-analysis for threat events through simulations and communicates findings and training requirements to management and business (e.g. phishing simulations).
    • Supports a near-zero risk enterprise using telemetry from security incident and event management and other solutions.
    • Tests solutions effectively utilizing industry standard analysis methods. Delivers technical reports and other documentation concerning test results.
    • Engineers security solutions efficiently with a minimal technology footprint where possible. Manages vendor solutions and partnerships with discretion to ensure business and data privacy.
    • Audits and reports on identity and access management to ensure a zero-trust framework for production and development business application systems.
    • Maintains awareness of evolving threats through membership with ISO, RSA, SANS, ISSA, etc. and information security solution vendor partners.
    • Collaborates with other IT and business teams on security program initiatives and resolves security related issues.
    • Monitors intrusion prevention system technologies and performs vulnerability scans. Escalates incidents when applicable and tracks completion of full event lifecycles.
    • Supports efforts and processes focused on investigations and misuse of company data. Captures evidence that is admissible in a court of law for unauthorized activities.
    • Uses approved AI tools responsibly to improve productivity and support job-related duties, while maintaining data privacy, security, and compliance with applicable policies.
    • Harnesses approved AI capabilities to strengthen the organization's security posture (e.g., improving threat detection, triage, and response), while ensuring data privacy, security, and compliance with applicable policies.

QUALIFICATIONS (Education, Experience, Knowledge, Skills & Ability):
    • Must have at least 3 years information security experience or 6 years information systems experience preferably in the financial services industry.
    • Must have or be able to obtain within six months of hire one of the following/equivalent certifications:
      • Certified Ethical Hacker (CEH)
      • Offensive Security Certified Professional (OSCP)
      • CompTIA PenTest+
      • SC-200 Microsoft Security Operations Analyst
    • Bachelor's degree in related field or equivalent experience is required.
    • Must have advanced computer skills and practical knowledge of computing systems and software including support desk solution(s).
    • Must also demonstrate conduct consistently with our Corporate Values:

PHYSICAL DEMANDS - The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While performing the duties of this job, the employee is frequently required to stand; sit and talk or hear. The employee is occasionally required to walk; use hands to finger, handle, or feel; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl and taste or smell. The employee must occasionally lift and/or move up to 50 pounds. Specific vision abilities required by this job include color vision to identify colored labels, cables, and indicator lights.

Use of computer workstations at desk height and use of server consoles while standing. Installation, removal or termination of cabling, in communications closets and office settings. Occasional use of ladder to reach cables or hardware in ceilings or near top of computer hardware racks. Installation or removal of computer hardware into server racks.

WORK ENVIRONMENT - The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.

The noise level in the work environment is usually moderate.

This job description is not designated to cover or contain a comprehensive listing of responsibilities, duties or activities that are required of the employee for this job. Responsibilities, duties and activities may change at any time with or without notice. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Similar Jobs

More Jobs at OnPoint Community Credit Union

More Information Technology Jobs

Find similar Information Security Engineer II jobs: