Information Security Analyst

Summary: Under direct supervision, provides internal support to Noble Credit Union's Information Security Program, including evaluation, implementation, and optimization of security solutions; monitoring threat alerts, incident triaging and incident response, threat analysis and hunting, vulnerability management, and contributing to security training and awareness initiatives. This role also supports physical security and access management, including security alarm systems; provides security operational support; partners with all divisions to ensure the protection of information infrastructure, systems, and data in accordance with internal policies, cybersecurity best practices, privacy, financial, and regulatory compliance requirements., Performs key functions across all cybersecurity related matters, including but not limited to the following:

• Maintain security of systems, networks, and overall internetworks.
• Data security and protection, including securing data at rest and in transit.
• Cloud platforms and security, including Microsoft Azure and related cloud applications and services, with general working knowledge of cloud model services such as SaaS, IaaS, and PaaS
• Support various enterprise security management practices and solutions, such as Endpoint Detection and Response (EDR/XDR), SIEM, email protection, Data Loss Prevention (DLP), encryption, web filtering, and IDS/IPS.
• Participate in security risk, compliance, and audit assessments and functions, including PEN testing and social engineering assessments.
• Manage vulnerability and patch processes, including risk mitigation and remediation.
• Maintains network security infrastructure, including firewalls, remote access, and general secure network topologies.
• Support identity access management strategies and methods.
• Support technical information security project management and execution.
• Delivers and supports cybersecurity training and awareness initiatives.
• Recommend, evaluate, implement, maintain, and optimize computer security systems and technologies related to the Information Security Program, policies, and regulatory compliance requirements.
• Perform timely alerting, monitoring, triaging, threat analysis and threat hunting, including completeness of issue and incident documentation, and escalate urgent and/or critical matters to Senior Information Security Analysts and/or the Information Security Manager, when appropriate.
• Identify security risks, threats, vulnerabilities, trends, and escalate or send appropriate data reports to management as necessary, including recommendations and remediation efforts.
• Perform incident response by following established IR runbooks and processes, including collection and analysis of logs and artifacts, forensic analysis, guiding remediation efforts, review and validation of recovered or remediated systems for potential secondary compromise or further threat activities.
• Review, improve, and assist in developing security policies, procedures, technical guides, and processes as appropriate to reflect current and future security requirements, ensure secure operational practices, and address compliance requirements.
• Provide primary support of Noble Credit Union security camera systems, infrastructure, ID badging, access management and alarm system.
• Provide general information security advisory and support to the Noble Credit Union team.
• Travel to the various Noble Credit Union branches and/or locations to provide information security support, handle project implementations, and participate in audits.

Other Duties

Ensure compliance with all safety, security and compliance programs including but not limited to BSA, AML, OFAC, Branch Security and Safety. Exercise awareness in regard to suspicious activity, money laundering or fraudulent behavior.

Perform all other related duties as assigned.

Bachelor's degree (B.A.) from a four-year college or university in a related field and two to three years of information security related experience; or an associate degree from a two-year college in a related field with a minimum of three to five years of related information security experience and training. A CEH, CISSP, or CySA+ certification or equivalent certifications are preferred. Experience in Information Security within a financial institution is preferred. Must possess a valid California Driver's License.