Sr Engineer, Insider Risk Program

Overview

Are you looking to take your career from good to great? As an employee of PenFed, every day is an opportunity to thrive, and be part of a team working to ensure our organization is providing world class service to our members, employees, and our communities. We exist to help our members realize their full potential, educate and encourage their dreams, and make every effort to follow our mission and help our members "do better." Joining PenFed is more than being an employee; it's about being a part of the PenFed family.

PenFed is hiring a (Hybrid) Sr Engineer, Insider Risk Program at our Tysons, Virginia; Irving, Texas or San Antonio, Texas location. The purpose of the role of Senior Engineer is to investigate insider risk-related matters while ensuring the established processes and governance is followed for event triage, analysis and reporting. Drawing on their significant investigative experience, the Senior Engineer may be tasked with assisting less experienced team members with case-related matters. The Senior Engineer will provide oversight of the case management system and other insider-risk platforms / programs as deemed appropriate. Using their technical skillset, the Senior Engineer will continually deploy, maintain, and tune countermeasures in response to new or changing insider threat tactics, techniques, and procedures (TTPs), and investigate / report anomalies as warranted. As the role requires interaction with senior leaders and teams from across PenFed, the Senior Engineer must possess outstanding interpersonal, oral and written communication skills.

Responsibilities

Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties, and the position will perform other duties as assigned.

Provide subject matter expertise for internal risk and threat analysis to give value-added information to assist in various situations.

Review events of concern and produce leads that document issues on computer misuse, various violations of policies, counterintelligence concerns, foreign influence, financial stressors, threats to self or others, and other insider threat concerns.

Lead and conduct investigations by analyzing and verifying information utilizing log analysis, digital evidence collection and forensic procedures.

Use Network and Host based tools to monitor and detect potential threats and unauthorized activity across a wide range of IT systems and environments.

Utilize a variety of databases to conduct research regarding employees whose behavior may potentially pose a risk to an organization.

Assist entities in support of formal investigations and / or inquiries to resolve insider threat related matters, employee misconduct, or violations of law.

Lead efforts in the proactive identification of new collection methodologies for the Program.

Execute and maintain Standard Operating Procedures (SOPs) for the Insider Risk Program.

Document and report findings to PenFed management.

Brief team members on emerging threats and indicators.

Support efforts to help ensure the Insider Risk programs are in compliance with PenFed and regulatory policies, directives, instructions and procedures.

Help maintain and manage the Insider Risk Program's technology suite of tools, report findings back to the Insider Risk Program Senior Manager and assist PenFed leadership with conducting investigations for reported incidents.

Qualifications

Equivalent combination of education and experience is considered.

Bachelor's degree in Information Security / Technology, Computer Science, Engineering, Criminal Justice, Social / Physical Science, or other related fields.

Minimum of fifteen (15) years of work experience in Law Enforcement, Cyber Security, Insider Risk, or Intelligence field in a large, highly regulated enterprise.

Minimum of ten (10) years of experience conducting complex investigations.

Knowledge of cyber security response operations, threat identification and intelligence lifecycle, supporting technologies, and required processes.

Supervisory Responsibility

This role will not supervise employees.

Preferred Licenses and Certifications

Certifications in the field of information security from a respectable security organization. Desirable certifications include, but not limited to :

GSEC, GCIH, GCIA, GCFE, GREM, GCFA, CEH, CISSP, CASP or equivalent Certifications

Industry standard Insider Threat Training Courses and with completion certificate from any of the following organizations :

CMU SEI, CDSE, NITTF

Work Environment

This is a hybrid role with mandatory in-office days required each week. While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.

Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.

Travel

Limited travel to various worksites is required.

About Us

Established in 1935, PenFed today is one of the country's strongest and most stable financial institutions with over 2.9 million members and over $31 billion in assets. We serve members in all 50 states and the District of Columbia, as well as in Guam and Puerto Rico. We are federally insured by NCUA and we are an Equal Housing Lender. We are available to members worldwide, via the web, seven days a week, twenty-four hours a day. We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site fitness facilities at our larger locations, and more. Equal Employment OpportunityPenFed management will maintain and observe personnel policies which will not discriminate or permit harassment or retaliation against a person because of race, color, creed, age, sex, gender, gender identity, gender expression, religion, national origin, ancestry, marital status, military or veteran status or obligation, the presence of a physical and / or mental disability or medical condition, genetic information, sexual orientation, and all statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment. PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same. PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed. Contact human resources (HR) with any questions or requests for accommodation at 402-639-8568.

LI-Hybrid