Senior Cybersecurity Engineer

Description

Our culture is built on teamwork, integrity, and a shared commitment to delivering a trusted member experience.

The Senior Security Engineer provides technical leadership and hands‑on engineering to architect, configure, implement, and manage the Credit Union’s core cybersecurity technologies—such as privileged access management (PAM), endpoint detection and response (EDR), firewalls, IDS/IPS, CASB, and related security platforms.

This role partners closely with Network, Infrastructure, and Application teams to design resilient security controls, integrate telemetry into monitoring workflows, and continuously improve security posture through standardization, automation, and lifecycle management.

• Lead design and implementation of security technology solutions, including requirements gathering, architecture, configuration standards, testing, and production rollout.
• Own administration and lifecycle management for assigned security platforms (e.g., PAM, EDR, firewall, IDS/IPS, CASB), including upgrades, patching, backups, high availability, and technical documentation.
• Partner with Network Engineering to design and maintain secure network controls (segmentation, ingress/egress filtering, VPN/remote access, secure routing) and troubleshoot complex connectivity and security policy issues.
• Define and maintain security baselines and configuration standards; ensure changes follow change control and are validated through testing and peer review.
• Integrate security tooling with logging/monitoring workflows (e.g., SIEM, SOAR, MDR) by enabling high‑quality telemetry, building effective alerting, and improving signal‑to‑noise.
• Develop automation and repeatable deployment patterns (scripts, templates, infrastructure‑as‑code where applicable) to improve consistency, speed, and auditability.
• Perform advanced troubleshooting and root‑cause analysis across security and network stacks; lead resolution of high‑impact incidents related to security technologies.
• Support risk and compliance objectives by providing evidence, participating in audits, and ensuring controls align to financial services expectations (e.g., GLBA, NCUA, FFIEC guidance, PCI DSS as applicable).
• Evaluate security vendors and products, contribute to roadmap planning, and manage technical relationships with vendors and service providers.
• Mentor and provide technical guidance to other security team members; contribute to runbooks, knowledge transfer, and continuous improvement.

• Expertise implementing and operating enterprise security platforms (PAM, EDR, firewall, IDS/IPS, CASB, email/web security, vulnerability tooling or similar), including hardening, policy design, and troubleshooting.
• Strong networking fundamentals and hands‑on experience supporting secure network designs (TCP/IP, routing/switching concepts, DNS/DHCP, VPN, segmentation). Familiarity with BGP/OSPF and load balancing is a plus.
• Ability to translate risk and security requirements into implementable technical controls, standards, and reference configurations.
• Experience integrating security tools with monitoring and response workflows (SIEM/SOAR/MDR), including log/telemetry onboarding and detection tuning.
• Strong documentation skills; ability to create runbooks, standards, and diagrams that enable repeatable operations and audit readiness.
• Strong verbal and written communication skills; able to lead technical discussions and coordinate effectively across IT and the business.
• Familiarity with regulatory expectations for financial services/credit unions such as GLBA, NCUA, FFIEC guidance, and PCI DSS (as applicable).

• Bachelor’s degree in Information Systems, Information Technology, Computer Science, Computer Engineering, or related field (or equivalent experience).
• 7+ years of experience in information security and/or network engineering, including hands‑on ownership of security technologies in an enterprise environment.
• Experience designing and implementing at least two of the following at enterprise scale: PAM, EDR, firewall/segmentation, IDS/IPS, CASB/SASE, secure remote access/VPN.
• Professional certifications preferred: CISSP, CCSP, GIAC (e.g., GCIA/GSEC/GCIH), and/or relevant vendor certifications (e.g., Palo Alto, Fortinet, Microsoft, Crowd Strike, Cyber Ark/Beyond Trust, Zscaler).
• Networking certifications (e.g., CCNA/CCNP) or equivalent practical networking experience strongly preferred.