Cyber Security Engineer

University Credit Union is growing and we have an exciting opportunity for an awesome Cyber Security Engineer to join our fabulous technology team.  You’ll be responsible for managing the company’s Information Security and Cybersecurity Program, including the implementation of Logical Access Controls (Management, Authentication, Authorization and Protection), as well as the monitoring, administration and development of, and incident response for, IT Security and risk based monitoring systems including, but not limited to, online banking anomaly detection, ISD/IPS, Security Information & Event Management, vulnerability management, environmental monitoring and user activity. Responsible to advise and assist in the development, deployment, and maintenance of corporate information security strategy. In the event of an IT security incident or breach, responsible for participating as a member the IT Security Incident Response Team.

This role needs someone who has a clear strategic perspective, yet who is willing and able to roll up their sleeves and deliver on the day-to-day cyber security needs. 

Location:

We are passionate about attracting great talent to our team, so this position can be Remote, or based in our fabulous Los Angeles offices on S. Sepulveda Blvd, or a hybrid arrangement.

About University Credit Union:

University Credit Union (UCU) is a purpose-driven financial cooperative dedicated to providing everyone in the university community a financial advantage.

UCU was founded in 1951, on-campus, by a group of UCLA employees.  Over 70 years later, we continue to exclusively serve the university community and have expanded our reach beyond UCLA.  We continue to align ourselves with universities and have expanded our reach to numerous universities across California, the West Coast Conference, and the Big West Conference.

UCU’s focus has been diversifying and building a foundation for future growth.  By partnering with the university community, we can provide products and services tailored to their unique needs.  To best serve our member-owners, UCU delivers on our purpose, to give every member in the university community a financial advantage, by following our three key differentiators:

• We were founded by the University Community for the University Community
• We provide conflict-free unbiased financial advice from certified professional coaches
• We guarantee our rates on auto loans, credit cards, consumer loans, and HELOCs are ALL within the top 1% lowest nationwide of all federally insured financial institutions.

Key Duties and Responsibilities

• Manage and administer the Security Information and Event Management (SIEM) system, ensuring it is always operating with current and complete configuration information, is collecting and analyzing security data, and is generating regular reports and security alerts. Take prompt action on alerts so that anomalies and abnormal behavior can be investigated.
• Manage and administer the Vulnerability Management system to ensure the discovery, management, and remediation of vulnerable assets in the enterprise. Communicate vulnerability findings with the owners of assets or applications for remediation and provide guidance on criticality and remediation efforts. Assist with implementation of approved remediation steps on applicable systems.
• Lead and assist with the proper operation, maintenance, and management of Endpoint Protection systems (anti-virus, malware, threat detection, firewalls, etc.).
• Be a thought leader and assist with monitoring and enforcement of system hardening efforts.
• Ensure effective UCU employee security awareness training programs and educational efforts are in place and regularly completed.
• Ensure monitoring processes are in place for system administrators and end-users.
• Ensure a consistent and rigorous user access governance process is followed for the addition, modification or disposition of system access for employees, consultants or third-party providers to the bank’s network, operating systems and databases.
• Manage and ensure adherence to policy for the procedures applied to authenticate users (e.g. passwords, tokens, smart cards, certificates), including evaluation of system capabilities, such as read vs. read/write access, compliance with a role-based-least-privilege standard, regular review and evaluation of system access rights to ensure proper functional segregation of duties are observed, and ensure effective use of encryption during input, transmittal and storage of sensitive data.
• Manage and monitor the use of Computing Assets by employees and other stakeholders, including appropriate use of electronic mail, Internet and information assets. Working with the Network Administrator to monitor and continuously strengthen Network and Communication Security, with particular emphasis on hardware and system software defenses (e.g. Firewall implementation, configuration and monitoring, intrusion detection and incident response, data loss prevention controls) for the detection, reporting and mitigation of unauthorized attempts to access internal systems and resources.
• Monitor and maintain Server and Desktop Computer Security, including policies and procedures on client-server environments.
• Review alert logic and virus reports on a daily basis. Perform daily monitoring for the occurrence of security incidents, as well as follow up to confirm remediation of issues. Where applicable, perform operating system, network and application vulnerability assessments to identify and prioritize security exposures in the environment.
• Responsible for the ongoing monitoring of security controls to protect information systems and assets (e.g. infrastructure, network, applications, hardware).
• Liaise with IT and third-party service providers to gain an understanding and maintain documentation of infrastructure and systems security controls, including; routers and switches, network structure and configurations, web server configuration, application configurations, database location and configurations, firewall configurations, router/switch configurations, monitoring and alerting reporting systems, server hardening/securing, clean desk policies, document destruction programs, among others.
• Prepare reports, special assessments and dashboards to report the effectiveness of the security controls and facilitate Management oversight.
• Assist with the preparation of presentation materials for Management and the Board.
• Interact with internal and external auditors, consultants, regulatory examiners and other stakeholders, as needed.
• Responsible for application risk assessments, planning/scheduling and timely completion of user entitlement reviews for critical systems and applications.
• Comply with all company policies and procedures, applicable laws and regulations, including but not limited to, the Bank Secrecy Act, the Patriot Act, and the Office of Foreign Assets Control.

Knowledge and Skills:

Education/Certifications/Licenses/ Experience

• Undergraduate degree in a relevant technical field.
• Minimum 4 years’ relevant experience with direct responsibility for cyber security.
• Minimum 1 year in a position of leadership.
• Evidence of continuous learning specific to cyber security and evolving risks.
• Knowledge & understanding of a breadth of information technologies and information security topics.
• Demonstrated understanding of networking protocols, firewall functionality, host and network intrusion detection systems, and vulnerability assessments.
• Demonstrated ability in the development of solutions and/or mitigations related to security vulnerabilities.
• Experience in application security, penetration testing and user access monitoring required.
• Financial sector experience is a plus.

Interpersonal Skills

Requires strong communication and interpersonal skills to effectively work with executives, leaders, frontline team members, vendors, and others. 

Ability to stay focused, prioritize workloads, and remain organized and calm when handling conflicting demands on time.

Other Skills

Strong attention to detail, natural curiosity, and a solid ‘can do’ approach to resolving complex issues.

Team UCU Benefits:

Investing in people is one of UCU’s strategic priorities and we invest in Team UCU by offering a variety of excellent benefits, in addition to being a great team to work with:

• Competitive compensation
• Work from anywhere options for select positions
• A full 401(k) match up to 6% plus a potential additional annual profit share of up to 4%
• Quarterly Gain Share awards, subject to meeting certain organization goals, with a payout of up to 10% of earnings
• Employee loan discounts
• Generous paid vacation, plus accrual of paid sick time, and additional discretionary floating and cultural holidays
• 12 paid Holidays
• Personal growth development plans tailored to each member of Team UCU

• Choice of medical, dental, and vision plans, including some options that are 100% paid by the Credit Union.
• Complementary Basic Life and Accidental Death and Dismemberment Insurance
• Complementary long-term disability insurance and Employee Assistance Program

UCU’s commitment to diversity, equity, and inclusion:

Diversity, equity, and inclusion play a key part in our dedication to give everyone in the university community a financial advantage. From students, staff, faculty, and alumni, our member-owners are individual in their needs. UCU is committed to ensuring our team brings a variety of skills, ideas, cultural backgrounds, and experience to UCU to align with them. We are dedicated to building trust and understanding with each of our member-owners. We accomplish this by building a community that embraces diverse ideas, backgrounds, and perspectives; this is mirrored in our work and represented in Team UCU.

University Credit Union is committed to creating a diverse environment and is proud to be an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with disability.

ADA Requirements:

Physical Requirements

If based remotely, may be required to travel to the UCU HQ in Los Angeles as required by the needs of the business, so must be able to travel and move within buildings to perform primarily sedentary work with limited physical exertion and occasional lifting of up to 10 lbs. Must be capable of climbing / descending stairs in an emergency situation.  Must be able to operate routine office equipment including a computer, telephone, copier, and calculator. Must be able to routinely perform work on a computer for extended periods daily. Must be able to work extended hours whenever required or requested by management. Must be capable of regular, reliable and timely attendance that aligns with the pacific time zone.

Working Conditions

If working onsite, must be able to routinely perform work indoors in climate-controlled shared work area with minimal noise.  If working remotely from a home office, must be able to work in a separate, quiet area, for extended periods on a computer.

Mental and/or Emotional Requirements

Must be able to perform job functions independently or with limited supervision and work effectively either on own or as part of a team. Must be able to read and carry out various written instructions and follow oral instructions. Must be able to speak clearly and deliver information in a logical and understandable sequence. Must be capable of dealing calmly and professionally with numerous different personalities from diverse cultures at various levels within and outside of the organization and demonstrate highest levels of customer service and discretion when dealing with the public. Must be able to perform responsibilities with composure under the stress of deadlines / requirements for extreme accuracy and quality and/or fast pace. Must be able to effectively handle multiple, simultaneous, and changing priorities. Must be capable of exercising highest level of discretion on both internal and external confidential matters.

This Job Description provides a general summary of the position available and is not intended to be exhaustive. It does not form and should not be construed as forming, a part of any contractual or non-contractual terms & conditions of employment.