The Cybersecurity Analyst supports the day-to-day protection of the organization’s systems, networks, and data within a regulated financial services environment. This role is responsible for monitoring security alerts and logs, investigating suspicious activity, assisting with incident response and containment actions, and helping maintain the tools and processes that enable timely threat detection and remediation. The analyst works closely with Infrastructure, Applications, and Compliance to identify vulnerabilities, validate security controls, and ensure security practices align with organizational policies and regulatory expectations.

This position also contributes to audit readiness and continuous improvement by documenting findings, assisting with evidence collection, and creating and maintaining cybersecurity procedures and runbooks to ensure consistent, repeatable response workflows. Success in this role requires curiosity, strong analytical skills, attention to detail, and the ability to communicate clearly while operating with a high degree of integrity and urgency.

Systems, Network and Identity Security

• Monitor and analyze system and network logs using SIEM and vulnerability detection tools to identify suspicious and unknown activity; support proactive threat hunting activities.
• Perform routine reviews of firewall, network, server, and endpoint configurations; document findings and coordinate remediation actions with Infrastructure and application owners.
• Participate in incident response activities including triage, investigation, containment support, evidence collection, and post-incident documentation; assist with tabletop exercises and basic forensic analysis as needed.

Security, Risk and Audit

• Administer and support security systems and controls, validating that system, network, and vendor configurations align with internal policies, regulatory requirements, and security best practices.
• Assist with vendor security due diligence by reviewing security documentation, completing questionnaires, and documenting risks and recommended control requirements.
• Support third-party audits and NCUA examinations by gathering evidence, preparing documentation, participating in interviews as needed, and tracking remediation items to closure.
• Contribute to internal audits and risk assessments by testing controls, documenting findings, and helping compile periodic risk and compliance reporting.
• Assist with security policy and standards maintenance by recommending updates based on new threats, control gaps, or audit findings.
• Support the security awareness program by helping manage phishing/social engineering tests, updating training content, and partnering with Marketing on member-facing education materials.
• Maintain current knowledge of emerging threats, tools, and best practices; share relevant updates with the team and incorporate into procedures where appropriate.

Business Continuity

• Assist with the review and testing of disaster recovery and business continuity plans, including evidence collection and documenting test results and improvement actions.
• Create, maintain, and update cybersecurity procedures and runbooks; ensure guidance is version-controlled, periodically validated, and aligned to current tools and response workflows.
• Perform other duties as assigned to support organizational security objectives.

Education & Certifications

• Bachelor’s degree in Computer Science, Cybersecurity, related field, or equivalent experience.
• CompTIA Security+ and CompTIA CySA+ are required within 180 days of employment. Candidates without current certifications are encouraged to apply.

Professional Experience

• Hands-on experience with incident response (triage, containment, eradication, post-incident reporting) and leading tabletop exercises.
• Experience operating and improving security monitoring capabilities (SIEM/EDR/XDR), including alert tuning, escalation paths, and operational metrics.
• Proven track record managing vulnerability management and remediation programs (scanning, prioritization, patch coordination, verification).
• Demonstrated experience in risk management and governance: policy development, exception handling, control validation, and reporting to senior leadership.
• Experience leading third-party risk management / vendor due diligence, including security assessments, contract/security addenda review, and onboarding approvals.
• Direct experience supporting and responding to audits/exams (e.g., internal audit, external auditors, regulators), including evidence gathering, management responses, and remediation tracking.

Systems Knowledge

• Familiarity with Windows Server and Linux Operating Systems.
• Familiarity with M365.