Cybersecurity Analyst

About The Position

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, related field, or equivalent experience.
• CompTIA Security+ and CompTIA CySA+ are required within 180 days of employment. Candidates without current certifications are encouraged to apply.
• Hands-on experience with incident response (triage, containment, eradication, post-incident reporting) and leading tabletop exercises.
• Experience operating and improving security monitoring capabilities (SIEM/EDR/XDR), including alert tuning, escalation paths, and operational metrics.
• Proven track record managing vulnerability management and remediation programs (scanning, prioritization, patch coordination, verification).
• Demonstrated experience in risk management and governance: policy development, exception handling, control validation, and reporting to senior leadership.
• Experience leading third-party risk management / vendor due diligence, including security assessments, contract/security addenda review, and onboarding approvals.
• Direct experience supporting and responding to audits/exams (e.g., internal audit, external auditors, regulators), including evidence gathering, management responses, and remediation tracking.
• Familiarity with Windows Server and Linux Operating Systems.
• Familiarity with M365.

Responsibilities

• Monitor and analyze system and network logs using SIEM and vulnerability detection tools to identify suspicious and unknown activity; support proactive threat hunting activities.
• Perform routine reviews of firewall, network, server, and endpoint configurations; document findings and coordinate remediation actions with Infrastructure and application owners.
• Participate in incident response activities including triage, investigation, containment support, evidence collection, and post-incident documentation; assist with tabletop exercises and basic forensic analysis as needed.
• Administer and support security systems and controls, validating that system, network, and vendor configurations align with internal policies, regulatory requirements, and security best practices.
• Assist with vendor security due diligence by reviewing security documentation, completing questionnaires, and documenting risks and recommended control requirements.
• Support third-party audits and NCUA examinations by gathering evidence, preparing documentation, participating in interviews as needed, and tracking remediation items to closure.
• Contribute to internal audits and risk assessments by testing controls, documenting findings, and helping compile periodic risk and compliance reporting.
• Assist with security policy and standards maintenance by recommending updates based on new threats, control gaps, or audit findings.
• Support the security awareness program by helping manage phishing/social engineering tests, updating training content, and partnering with Marketing on member-facing education materials.
• Maintain current knowledge of emerging threats, tools, and best practices; share relevant updates with the team and incorporate into procedures where appropriate.
• Assist with the review and testing of disaster recovery and business continuity plans, including evidence collection and documenting test results and improvement actions.
• Create, maintain, and update cybersecurity procedures and runbooks; ensure guidance is version-controlled, periodically validated, and aligned to current tools and response workflows.
• Perform other duties as assigned to support organizational security objectives.