Job Description Summary

Develops, secures, and maintains the security stack of the cloud infrastructure to support Credit Union business needs. Supports operational innovation and provides security direction to elevate the Credit Union’s security posture within a cloud computing infrastructure. Helps ensure applications are secure while supporting business initiatives. Utilizes advanced knowledge and troubleshooting skills to assist with the planning, designing, and implementing of procedures and ongoing maintenance.

Collaborates with security leadership to consistently assess the threat landscape and to adapt quickly to protect the business from risk.

Job Description

Essential Duties and Responsibilities

• Develops, secures, and maintains a resilient enterprise-grade cloud security stack in tandem with cloud network engineers.

• Maintains a consistent, secure environment using configuration management solutions. Conduct rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts.

• Manages and maintains cloud Security Incident and Event Management (SIEM) and works closely with our cloud SIEM provider and Managed Security Service Provider (MSSP) to capture logs and security events from cloud infrastructure and applications.

• Administers the Application Programming Interface (API) management tool to ensure APIs are securely implemented and managed and works with Software as a Service (SaaS) security posture management solution.

• Assists with development, maintenance, and utilization of scripts (e.g., Python, Ruby, etc.) to support custom extracts and transform load (ETL) tools, with a security focus for the data flow.

• Leads and conducts analysis of cloud infrastructure to detect security gaps or deficiencies in the cloud environment; recommends and implements solutions for improvements.

• Secures business applications and computing environments across public, private, or hybrid cloud infrastructures. Documents, formulates, and enforces areas of security improvement that balance risk with business operations without impacting efficiencies or innovation.

• Actively monitors, assesses, and recommends tactical and strategic initiatives based on new and emerging threats posing risk to cloud computing environments. Manages remediation efforts after security assessment findings outline weaknesses requiring attention.

• Adheres to the Information Security Program to ensure the confidentiality, integrity, and availability of information assets: ensures proper data classification and compliance.

• Administers security systems to detect and prevent security breaches; monitors network and server intrusion detection systems; conducts vulnerability assessments and identifies areas for improved security management. Maintains accurate records on cyber security threat information, breaches, and discovered security deficiencies. Disseminates complex security information clearly and concisely in a format that both technical and non-technical audiences can easily comprehend.

• Develops, recommends, implements, and manages a variety of cloud security management policies, protocols, systems, and tools; rogue wireless access point detection and Web content filters; network security policies and remote access standards guidelines; ensuring compliance with NCUA regulations. Collaborates regularly with others in the department to correct identified system vulnerabilities to reduce threats to the organization.

• Serves as an expert consultant for all cloud security-related matters. Evaluates problems, identifies root causes; coordinates resources to determine temporary measures and/or permanent solutions, and recommends and/or implements measures to restore full service.

• Installs, configures, tests, and implements system monitoring and management software tools; monitors system alerts, events, changes, and activities that may impact performance or security; researches, troubleshoots, and resolves complex system errors, failures, and other problems.

• Works closely with others in the department to ensure security patches and firmware are up-to-date and proper security measures are in place.

• Acts as a key figure in incident response to track occurrence and resolution, with strict documentation and reporting as well as engagement with security operations and incident response teams.

• Stays apprised of current and proposed security changes impacting regulatory, privacy, and security industry best practice guidance. Applies learned knowledge across key lines of business, including products, practices, and procedures.

• Assists in maintaining strong oversight with cloud computing vendors and solution providers to safeguard against undue risk presented by external entities. Escalates to security management and business unit leads when points of weakness are discovered.

Company Wide Expectations

• Maintains a professional image and demeanor at all times, consistently demonstrating Credit Union RISE Values and adhering to the Code of Ethics.

• Delivers friendly, caring service to internal and external members.

• Complies with all applicable State, Federal, and NCUA rules and regulations and all Credit Union policies and procedures.

• Follows all physical and online security procedures and maintains strict confidentiality of all member information.

• Completes all required regulatory and compliance training and maintains required knowledge of Credit Union products and services.

• Works scheduled hours and maintains punctuality.

• Performs other related duties as assigned or requested.

EDUCATION/EXPERIENCE

To perform this job satisfactorily, an employee must be able to carry out each essential duty competently. The requirements listed below are representative of the education, experience, skills, and abilities required. An equivalent combination of education and experience may be considered.

Education Requirements

• 4 Year / Bachelors Degree - Information Security, Information Assurance, Information Systems, Computer Science, or a closely related field - Required

• Holds or working towards one or more certifications including, CCSP (Certified Cloud Security Professional), AWS Certified Security Specialist, Azure Security Engineer Associate, or similar - Preferred

Experience Requirement

• 5 Years - Responsible experience in a Cloud Security Engineer role or related position with at least exposure to Amazon Web Services (AWS) and Microsoft Azure. Experience in other Cloud Service Providers (CSP) a plus. - Required

• Experience in cloud computing technologies, including software-, infrastructure-, and platform-as-a-service, as well as public, private, and hybrid environments - Required

• Experience in cloud networking architecture and cloud operations, with cloud access security broker (CASB) experience - Required

• Experience in (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies, and application controls - Required

• Extensive knowledge of cloud security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems - Required

SKILLS/ABILITIES

• Self-motivated and directed, well-organized, and able to position controls in anticipation of threats.

• Ability to collaborate with technical and non-technical teams to promote ideas to support business enablement.

• Strong understanding of a wide range of incident response, system configuration, vulnerability management, and hardening guidelines.

• Demonstrates problem-solving abilities to manage complex local and international security requirements.

• Ability to perform complex cloud and firewall administration functions in a cloud network environment accurately and efficiently.

• Strong work ethic, leverage analytical and critical thinking, and be skillful at meeting change requests at a moment’s notice.

• Effectively apply internal and external customer service practices and processes to meet quality service standards and achieve member satisfaction.

• Resolve problems utilizing advanced knowledge and experience.

• Communicate in a professional manner and deliver information clearly and effectively. Actively listen to questions, opinions, and ideas of others. Use tact and diplomacy in sensitive and confidential situations.

• Use correct English including spelling, grammar, and punctuation.

• Operate computers and use business software and other standard office equipment.

• Understand and follow written and oral instructions.

• Set priorities and manage one’s own time effectively.

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by employees to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Physical Requirements

• Intermittent standing, sitting, walking, bending, and climbing.

• Using hands repetitively to handle, feel, or operate computers and other standard office equipment.

• Reaching with hands and arms.

• Intermittent lifting and carrying up to 25 pounds.

WORK ENVIRONMENT

An employee in this job will experience the following main work environments, others not listed may also be encountered on occasion;

• Works in a typical technology office environment.

Redstone Federal Credit Union is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status or status as an individual with disability. All qualified applicants will not be discriminated against on the basis of disability.

We are proud to be a Drug-Free and Tobacco Free Workplace.

About Us

Redstone Federal Credit Union has been serving the communities of North Alabama and middle Tennessee since 1951. We’re a strong, stable, and growing organization looking for ambitious individuals who can collaborate effectively on a team, yet still thrive on their own. You’ll be helping us change our communities by supporting our mission – improving the financial well-being of our members and communities by offering trusted advice, choices, opportunities, and solutions – and ultimately giving members a better experience. Discover a unique opportunity to join an innovative and rapidly growing company today!