Information Security Analyst

Shift Hours: M-W & F 8:30 AM - 5:15 PM TH 8:30 AM - 5:45 PM and On-Call The Information Security Analyst is responsible for working with and providing support to the ISM and IS&T Team in maintaining security best practices and regulatory requirements. Essential Job Duties and Responsibilities • Consistently meet all Shell FCU Service Commitments; Shell FCU Employee Creed and Shell FCU Service Distinctions • Accountable to maintain knowledge of and comply with all applicable rules and regulations required within the scope of duties, including, but not limited to, the Bank Secrecy Act • Required to attend annual training sessions as instructed or scheduled. • Perform job duties and responsibilities in compliance with Shell FCU policies, procedures, philosophy, and standards of performance. • Assist security team in identifying current security and compliance requirements and recommend security solutions or actions. • Assess network threats such as computer viruses and malware, perform vulnerability assessment in support of penetration analysis, operate host and network intrusion/prevention programs, administer access/ monitoring of critical systems, review critical system logs, identify, and document unique local threats/vulnerabilities and recommend remedial action. • Work with ISM/Network Team security standards and practices to install, design, configure and maintain security applications that protect against malware, encrypt information, and ward off hackers and other bad actors. • Maintain the security and health of the network from misuse through neglect, lack of training, or malevolence from internal and external sources. • Monitor programs and processes that keep outsiders from gaining access to Shell FCU private networks and data. • Prepare for and provide rapid response to security threats such as virus, worms, or other malicious attacks. • Assist in the preservation, identification, extraction, and documentation of evidence stored in computers. • Perform log reviews on a predefined basis, to detect anomalous activity. • Perform network vulnerability scans and make recommendations based on findings. Conduct forensic analyses when necessary. • Utilize cybersecurity tools to periodically test the corporate environment and verify end user best practices to maintain strong security practices. • Work with IS&T staff to continually review and maintain security hardening standards within newly deployed systems, codes, updates, upgrades, or patches. • Assist in patch management and firmware updates to maintain optimal levels of security. • Support anomaly detection and trending tools to provide in-depth analysis of events detected by these applications. Included in this position will be the overall maintenance of the environments, configuration upgrades and tuning, incident response escalations, and 1st level NOC support for all alerts detected. • Respond to network security incidents through remediation efforts including implementation of a secure infrastructure, the secure repair of technology components and assist in the development of incident response and recovery processes. • Support IS&T staff on security-related projects including design, configuration, deployment and maintenance of policy enforcement tools, techniques, and reporting. • Participate in business continuity / disaster recovery planning and Change Management / Change Configuration processes and reviews. • Effectively communicate security information gathered from security tools, logs, evolving risks, and reported incidents by employees, to management or security teams. • Perform additional duties, as assigned. Shell Federal Credit Union is an equal opportunity and an affirmative action employer and committed to providing equal opportunity for all employees and applicants for employment, without regard to race, religion, color, sex, sexual orientation, gender identity, national origin, age, citizenship status, marital status, protected veteran status, mental and/or physical disability, pregnancy, or any basis prohibited by State or Federal law. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Knowledge and Skills Experience: • Three or more years’ strong Windows and Windows Network administration, database systems and network connectivity skills. • Three or more years’ experience performing security related tasks for a medium to large enterprise. Education / Training: • Two-year degree; Cybersecurity degree and/or equivalent related experience or certification. • Two or more years’ systems development, information security, PC support and network/systems administration experience. • Current, Industry standard recognized certification in information security (ex: Security+, CEH certification) • Good knowledge/experience working with following products a plus: • Windows Server Technologies, Cisco Routers/Switches/Firewalls, Websense, Symantec Endpoint Protection, IDS/IPS, Cisco CSA, Windows Active Directory Infrastructure, Linux based systems, Kali Linux, Threat Hunting, Honeypots, Wireshark, NESSUS, Penetration Testing Tools, Dell KACE, working knowledge of Python. Job Requirements: • Knowledge of credit union products and services • Positive, welcoming, and helpful demeanor • Must be able to communicate information technology and security procedures and requirements to users and key Management. • Must possess functional knowledge regarding regulatory issues pertaining to security in a financial institution. • Must have strong analytical and problem-solving skills with the ability to clearly present and communicate technical and management concepts. • Advanced computer skills • Must possess professional verbal communication skills. • Position requires participation in on-call rotations as needed or assigned. • Position will at times require participation in after-hours or weekend work. • Must be prepared to participate in Disaster Recovery, Business Continuity, or Incident Response scenarios. • Ability to multitask in a fast-paced environment. • Ability to handle workloads during emergencies or stressful time sensitive situations. • Ability to work in open-concept workspace/environment. Physical Demands: While performing the duties of this job, the employee is regularly required to bend and stand. May at times be able to lift, carry and/or move up to 15 pounds. Working Conditions Exposure to potential hazardous conditions-robbery. Employees are to receive detailed instructions and procedures to be followed to minimize risk. In accordance with the American with Disabilities Act, it is possible that requirements may be modified to reasonably accommodate disabled individuals. However, no accommodations will be made which may pose serious health or safety risks to the employee or others or which impose undue hardships on the organization. This Job Description is not a complete statement of all duties and responsibilities comprising this position. Job descriptions are not intended and do not create employment contracts. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law. This organization uses E-Verify® in its hiring practices to achieve a lawful workforce.