IT Risk Mitigation Engineer II - REMOTE

Velera is the nation’s premier payments credit union service organization (CUSO) and an integrated fintech solutions provider. The company serves more than 4,000 financial institutions throughout North America, operating with velocity to help our clients keep pace with the rapid momentum of change and fuel growth in the new era of financial services. Our purpose: We accelerate partners’ success through innovative financial technology solutions and inspired service.

The Opportunity:

As a Risk Mitigation Engineer II, the incumbent will be responsible for assisting in the core, day-to-day functions of the Risk Mitigation (RM) team. In this role the incumbent acts as a technical support specialist within the larger RM team.  This role will promote directives within the team to support IT infrastructure and application teams across the organization to ensure a risk-based approach to vulnerability management is embedded into their daily work. The RM Engineer II will focus the majority of their time on hands-on solutions and tools, such as those that are typically used for monitoring, assessment, tracking, and reporting. The ideal candidate will have excellent technical, organizational, and communication (written and verbal) skills, along with a willingness to assist where needed with overall team tasks. A sense of ownership, and a want and willingness to learn, assume new responsibilities, and an overall initiative-based drive are keys to success in this position and successive/advanced roles within the team.

Day in the Life:

• Assume a critical, supportive, technical role within the RM team.  Assist both technical and team initiatives to shape and guide the focus and execution of remediation solutions that provide effective, accurate, comprehensive, and actionable reporting, best practices configurations, timely patching, etc., toward a goal of overall reductions in vulnerabilities across all department accountable technologies.
• Under guidance, collaborate with Security and IT Infrastructure to maintain or implement risk-based, actionable remediation requirements for all supported, auditable technologies.
• Utilize a breadth of technical background to identify and research the vulnerabilities, then partner with the proper technology team to remediate the findings.
• Assist with or directly maintain and support vulnerability management programs that include reviewing regular scans and assessments of the organization’s systems, network and applications to identify security vulnerabilities.
• Resolve or assist with the resolution of information security vulnerability findings, including zero-day or targeted threats, and/or internal or external weaknesses in IT platforms, appliances, systems, services, applications or configurations.
• Work with multiple teams to align scanning, reporting and tracking in compliance with industry best-practices, regulations, and standards related to vulnerability management, such as PCI-DSS, SOC II, NIST, CIS benchmarks, or other compliance regulations required by either industry mandates or Velera standards.
• Improve reporting maturity through automation, consolidation, and other techniques as necessary.
• Perform or assist with recurring and on-demand scanning of organization systems and cloud environments.
• Maintain detailed documentation regarding Velera’s threat management standards, policies, and procedures
• Improve and automate, wherever possible, existing vulnerability management systems

Qualifications:

• Associates degree or competency-based degree in a related IT discipline preferred
• Relevant industry certifications such as A+, Network+, Security+, CISSP, CISM, or equivalent are a plus
• Experience with Tanium is a plus
• 2+ years of experience in vulnerability management / compliance monitoring or the equivalent as derived from participating in a role that directly included those responsibilities
• Knowledge of and/or experience with technical concepts such those associated within Windows and/or Linux server operating systems, cloud computing, automation, networking, and application development
• Experience reviewing vulnerability scans, penetration tests, network admission control, and/or SIEM systems such as Nessus, Rapid7, Qualys, etc.
• Experience with IT controls monitoring for regulatory and compliance requirements
• Knowledge of vulnerability data management and reporting process automation
• Knowledge of OWASP tools and methodologies a plus
• Knowledge of scripting languages (i.e., Powershell, Python, YAML, etc.) a plus
• Experience with ServiceNow a plus
• Functional knowledge of information security best practices
• Functional knowledge of ITIL principles and practices

#LI-LM1

About Velera

At Velera, inclusion isn’t an initiative – it’s how we work. Guided by a people‑helping‑people philosophy, we cultivate a culture where every employee feels valued, respected and empowered to do their best work. We’re committed to building a diverse workforce and fostering meaningful connection across our teams. Through a remote‑first, flexible environment, we prioritize psychological safety, wellbeing and belonging so individuals and teams can collaborate to thrive. Together, we’re shaping a new era of secure, innovative solutions for the clients and communities we serve. Learn more about what it’s like to work at Velera.

Pay Equity

Actual Pay will be adjusted based on experience and other job-related factors permitted by law.

Great Work/Life Benefits!

• Competitive wages

• Medical with telemedicine

• Dental and Vision

• Basic and Optional Life Insurance

• Paid Time Off (PTO)

• Maternity, Parental, Family Care

• Community Volunteer Time Off

• 12 Paid Holidays

• Company Paid Disability Insurance

• 401k (with employer match)

• Health Savings Accounts (HSA) with company provided contributions

• Flexible Spending Accounts (FSA)

• Supplemental Insurance

• Mental Health and Well-being: Employee Assistance Program (EAP)

• Tuition Reimbursement

• Wellness program

• Benefits are subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions

Velera is an Equal Opportunity Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state or local law.

Velera is an Equal Opportunity Employer that complies with the laws and regulations set forth in the following "EEO is the Law" Poster. Velera will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the legal duty to furnish information.

Velera is an E-Verify Employer. Review the E-Verify Poster here.  For information regarding your Right To Work, please click here.

This role is currently not eligible for sponsorship.

As an ongoing commitment to reasonably accommodate individuals with disabilities please contact a recruiter at [email protected] for assistance.