APGFCU - Your Community Credit Union! For over 80 years, APGFCU has shared our financial experience and provided valuable products and services to build stability and financial independence, one member at a time. We are looking for those who want to join this movement and become a part of a growing organization. We offer competitive pay and great benefits.

SUMMARY: Under the general direction of the VP of IT Infrastructure, the Security Analyst is responsible for the engineering, support, maintenance, and implementation of APGFCU's IT security systems and infrastructure. This includes security system design, hardware & software acquisition, installation, configuration, and ongoing network security maintenance. This person will need to rely on experience and judgment to plan and accomplish corporate goals.

Network Design and Engineering:

• Configure APGFCUs corporate communications network to include network implementation, configuration of routers, switches, firewalls, IPS/IDS, gateways and servers (Linux, HPUX, Microsoft, VMware, VDI); carry out the infrastructure maintenance and equipment configurations for backup/recovery purposes.
• Works directly with firewalls (Meraki/Palo Alto/SonicWALL, Cisco), IDS, IPS, and other security infrastructure
• Uses network monitoring tools and SIEM to carefully examine network traffic and to identify both external and internal threats to ensure security specifications meet the APGFCU infrastructure guidelines.
• Design and implement a multi-layer security strategy to protect APGFCU information assets.
• Perform network troubleshooting as needed; work with vendors and telecommunications service providers to ensure continuous network availability; 24x7x365 to include after hours. Must be available to work after hours and to be on call
• Engineering of security on APGFCUs networks to include LANs, WANs and Internet access points.
• Implement and administer firmware and patch management for all IT hardware and operating systems (Linux, Windows Server, VMware)
• Implement and manage internal and external vulnerability scans and penetration tests and address all findings.
• Work with external vendors and regulatory agencies on internal and external IT audits and resolve any findings.
• Implement controls to maintain data security through enabling/disabling network protocols, port security, restricting access to vLANs, certificate management, MAC filtering, and other security controls.
• Implement and manage VPN, remote access, and MDM systems.
• Participate in the annual execution of disaster recovery testing and provide support for all audits and assessment activities.
• Provide security infrastructure expertise to business applications ensuring they are deployed and implemented securely.
• Oversee, research, and design short and long-term changes and enhancements to the IT infrastructure. Ensure the network and systems dependent upon the communications infrastructure operate efficiently and
• Participate in developing the annual IT strategic plan, review existing infrastructure security configuration, plan and make recommendations for future enhancements.
• Provide recommendations/proposals for security hardware/software and ensure proper installation.
• Provides security engineering support for IIS, SQL, and other web-based server products.
• Maintain all documentation pertaining to the network security infrastructure. Ensure that licensing is accurate and maintained. Maintain accurate network inventory.
• Adhere to the established change management and turnover log
• Inform IT management of security advances affecting the information technology field and make recommendations for improvements in the infrastructure.

Project Management:

• Lead internal technical project teams in the implementation of infrastructure security upgrades such as Firewalls, Antivirus systems, Data Loss Prevention systems, Intrusion Detection systems, Web and email filters and others.
• Evaluate project proposals and implement project life-cycle and manage approved projects.
• Work closely with the VP of IT Infrastructure to ensure technical specifications meet the APGFCU infrastructure guidelines and with the implementation of credit union wide I.T projects.

Professional Development:

• Remain current with developments in information technology and information security and their potential impact on the Credit Union's present and future needs.
• Continue technical professional development through seminars and workshops, membership in technical and professional organizations, and through reading technical publications and journals.
• Network with others in the credit union industry and interface with vendors.
• Maintain certifications requirements and work towards acquiring new certifications as required

Other: Perform additional responsibilities as assigned.

ADDITIONAL: Responsible for completion of applicable training and compliance with federal regulations and APGFCU policies and procedures as related to the duties of this position (Bank Secrecy Act, Information Security as examples, if applicable).

Ability to handle day-to-day operations, troubleshooting network connectivity problems and application issues. Must be skilled in communication, human relations, problem-solving, and organization. Strong understanding on OSI model, TCP/IP, subnetting, routing protocols (EIGRP, OSPF, iBGP), firewall technologies, VPN and remote access, core networking (WAN/LAN/DHCP/VLAN/VXLAN/ /IPv4/IPv6/QOS), encryption(SSL/TLS), scripting (Powershell/Python), virtualization (VMware), content filtering, MDM, VDI.

EDUCATION: Bachelor's Degree in Cyber Security or other related technical field. Experience can be credited in lieu of education. Current certification in one of the following areas is required. (CISSP, MCITP, CCNA, VMware).

EXPERIENCE: Minimum ten years of work experience in a LAN/WAN environment consisting of cyber security or in IT security related field required. Extensive hands-on experience with network infrastructure consisting of firewalls, IPS/IDS, SIEM, web and email filters, data loss prevention, antivirus/antimalware systems, Microsoft servers, virtualization, Linux, Cisco routers, and switches in a enterprise networking environment. Advanced knowledge of networking in a Microsoft Server domain, AD, Group Policy, MS SQL server, IIS, Exchange, Windows networking, virtualization, SAN's, vSphere and certificate-based authentication, passwordless authentication.

PHYSICAL DEMAND: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to stand; walk; use hands to finger, handle, or feel objects, tools, or controls; and talk or hear. The employee frequently is required to reach with hands and arms. The employee is frequently required to sit, stoop, kneel, or crouch. The employee must frequently lift and/or move up to 25 pounds, and be capable of transporting related supplies and equipment. Specific vision abilities by this job include vision, distance vision, color vision, peripheral vision, depth perception and the ability to focus.

APGFCU is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability to Protected Veteran status. Please use the attached link to view the EEO law poster http://www1.eeoc.gov/employers/poster.cfm

APGFCU is committed to working with and providing reasonable accommodations to persons of all abilities, including persons with disabilities. If you need a reasonable accommodation for any part of the employment process, please send to the Human Resources Department and let us know the nature of your request and your contact information. Reasonable accommodations are considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodations will be responded to from this e-mail address.