Network security engineer

To create joy and ignite Michiganders’
impossible dreams.

At orsa, our commitments start with our purpose and are guided by our vibrantly livedvalues. We walk together toward strategic ends, galvanized by regenerative leadership and a growth orientation which moves us toward our human potential, so that we can support Michiganders in shaping the life they desire.

The network security engineer is responsible for researching, designing, engineering, implementing, and supporting network security solutions. This position will utilize in-depth technical knowledge and business requirements to help design and implement a secure network and secure solutions. This position will regularly collaborate with members of the technology solutions & support team, as well as other leaders across the Credit Union Business Units.

This position has a starting annual rate of $103,100 but your offer amount may be increased with relevant work experience and transferable skills.

As an impact-driven team, our work is collaborative and dynamic. This role, like all positions at orsa, will be counted on to perform a variety of tasks associated with its purpose and as directed by leadership. Some of the core deliverables of this role are:

• Research, design, engineer, implement, and support enterprise network security solutions aligned with industry best practices and organizational risk tolerance.
• Administer and maintain Palo Alto firewall infrastructure, including rule lifecycle management (creation, review, optimization, decommission), policy tuning, threat prevention, URL filtering, and firmware updates.
• Manage and mature the organization's Privileged Access Management (PAM) program, including credential vaulting, session monitoring, access policies, and periodic access reviews.
• Administer and enhance Single Sign-On (SSO) and identity federation configurations, ensuring secure authentication flows across enterprise applications.
• Harden and secure the Microsoft 365 environment, including Exchange Online, SharePoint, Teams, Entra , and Defender suite configurations, aligned with CIS benchmarks and organizational policy.
• Manage Microsoft Intune, including compliance policies, configuration profiles, conditional access integration, and device hardening standards.
• Develop, implement, and maintain system and network hardening standards across on-premises, cloud, and hybrid environments.

• Perform network traffic analysis and anomaly detection across network infrastructure, coordinating remediation efforts with Technology teams.
• Support network segmentation and microsegmentation strategy to reduce lateral movement risk and meet regulatory expectations.
• Support incident detection and response activities from the network layer, including packet capture, log analysis, and forensic support.
• Contribute to compliance and audit readiness efforts related to network and endpoint security controls (e.g., NCUA, GLBA, PCI-DSS).
• Respond to team member security questions, provide guidance on secure practices, and support security awareness efforts.

• Evaluate new technologies, applications, and vendor solutions for security risk, recommending appropriate safeguards to leadership.
• Stay current on emerging threats, vulnerabilities, and industry standards, applying knowledge to continuously improve the organization's security posture.
• Manage relationships with third‑party security vendors, including the organization's Managed Security Services Provider (MSSP) and SIEM platform, ensuring service level expectations are met, alert tuning is current, and escalation processes are effective. Coordinate with vendors on security implementations, assessments, and ongoing managed service delivery.
• Maintain network security documentation, including architecture diagrams, runbooks, hardening baselines, and standard operating procedures.
• Support additional initiatives and priorities as directed by leadership.

As an organization focused on creating belonging, we appreciate that…