Cybersecurity Engineer

Posted 25 Days Ago
Be an Early Applicant
Winston-Salem, NC, USA
In-Office
Mid level
Fintech • Financial Services
The Role
The Cybersecurity Engineer will support incident response and monitoring for threats, triaging alerts, investigating suspicious activities, and developing response playbooks while coordinating with internal teams and external partners to enhance cybersecurity measures.

Description

Role Accountability

Our culture is built on teamwork, integrity, and a shared commitment to delivering a trusted member experience. In this role, you will support the Credit Union’s cybersecurity operations with a primary focus on incident response by monitoring for threats, triaging alerts, investigating suspicious activity, coordinating containment and remediation, and partnering with internal teams and our managed detection and response (MDR) provider to reduce risk and improve resilience.

Specific Accountabilities

  • Monitor security tooling (e.g., SIEM, EDR, email/web security, firewall/VPN logs) and triage alerts to determine scope, severity, and required response actions.
  • Investigate suspicious activity by analyzing logs and telemetry, correlating events across systems, and documenting findings in tickets and incident records.
  • Execute incident response actions (containment, eradication, and recovery) in partnership with IT and application teams, including isolating hosts, blocking indicators, and supporting remediation.
  • Collect and preserve incident evidence (logs, timelines, indicators) and support forensic activities as needed while maintaining chain-of-custody expectations.
  • Develop, maintain, and improve incident response playbooks and procedures; participate in tabletop exercises and post-incident reviews to drive corrective actions.
  • Tune detections and reduce false positives by partnering with tool owners; recommend improvements to alert logic, correlation rules, and response automation.
  • Support vulnerability response by validating exposure, tracking remediation, and coordinating patching or mitigating controls for critical findings.
  • Coordinate with internal teams and external partners (including our managed detection and response (MDR) provider, technology vendors, and law enforcement as directed) during investigations and response activities.
  • Implement and validate security changes that support incident response outcomes (e.g., blocks, access adjustments, segmentation changes) and follow through on hardening items identified during investigations.
  • Participate in an incident response on-call rotation (as required), provide timely escalation and status updates to stakeholders, and support incident communications aligned to severity and business impact.
  • Leverage frameworks such as MITRE ATT&CK and perform light threat hunting (hypothesis-driven investigations) to proactively identify malicious activity and validate control effectiveness.
  • Stay current on the threat landscape, attacker techniques, and incident response best practices; recommend process and control improvements based on lessons learned.

Requirements

Knowledge, Skills and Abilities

  • Strong problem solving and analytical skills; must possess the ability to make quick decisions and use good judgment during incident response.
  • Strong verbal and written communication skills; can clearly and confidently communicate information security concepts to all areas of the business.
  • Highly adaptable to a constantly changing business and technology environment.
  • Familiarity with regulatory and legal security standards and requirements relevant to financial services/credit unions such as GLBA, NCUA, FFIEC guidance, PCI DSS, and Sarbanes-Oxley (as applicable).
  • Hands-on knowledge of incident response practices (triage, investigation, containment/eradication, recovery) and the ability to follow and improve playbooks and procedures.
  • Ability to analyze security telemetry (Windows/Linux logs, firewall/VPN logs, DNS, proxy, authentication logs) to identify indicators of compromise and suspicious behavior.
  • Experience with security monitoring and detection tools (e.g., SIEM queries/dashboards, endpoint detection and response) and familiarity with alert tuning and correlation concepts.
  • Knowledge of Identity and Access Management concepts (MFA, privileged access management) and common investigation points for authentication-related incidents.
  • Familiarity with data protection controls (e.g., DLP) and how to investigate and respond to potential data exposure events.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk) and how incidents impact business risk.
  • Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of network traffic analysis concepts (tools, methodologies, processes), including basic packet capture/analysis and web filtering technologies.
  • Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
  • Working knowledge of networking fundamentals used in investigations (TCP/IP, DNS, HTTP/S, routing, VPN concepts) and common attacker techniques in enterprise environments.

Education and Experience

  • Bachelor’s degree in Information Systems, Information Technology, Management Information Systems, Computer Science, Computer Engineering, or related field.
  • 3-5 years of experience in information security, SOC operations, or incident response, including hands-on investigation and response to security events.
  • Professional certifications preferred: Security+, CySA+, GCIH/GCIA (or similar), or CISSP/CCSP (a plus).

Skills Required

  • Bachelor's degree in Information Systems, IT, Computer Science or related field
  • 3-5 years of experience in information security, SOC operations, or incident response
  • Experience with security monitoring and detection tools
  • Professional certifications preferred (e.g., Security+, CySA+, GCIH, CISSP)

The Company
425 Employees
Year Founded: 1967

What We Do

Allegacy Financial is a comprehensive banking and financial partner offering personal, small business, commercial, and wealth management services, focused on building lifelong relationships and helping North Carolinians thrive.
