Prin Security Analyst

Empowered to live. Inspired to work.
Compeer Financial is a member-owned cooperative located in Illinois, Minnesota and Wisconsin. We bring together team members with a variety of backgrounds and experiences to help provide financial services to support agriculture and rural communities. Join us in a culture that not only promotes meaningful work and professional development, but provides a flexible, hybrid work environment and excellent benefits, which empower you to thrive both personally and professionally.

How we support you:

• Hybrid model – up to 50% work from home
• Flexible schedules including ample flexibility in the summer months
• Up to 9% towards 401k (3% fixed Compeer contribution plus up to 6% match)
• Benefits: medical, dental, vision, HSA/FSA, life & AD&D insurance, short-term and long-term disability, wellness program & EAP
• Vacation, sick leave, holidays/floating holidays, parental leave, and volunteer paid time off
• Learning and development programs
• Mentorship programs
• Cross-functional committee opportunities (i.e. Inclusion Council, emerging professional groups, etc.)
• Professional membership/certification reimbursement and more!

Casual/seasonal & intern team members are not eligible for benefits except for state-mandated programs.

To learn more about Compeer Financial visit www.compeer.com/careers. 

Where you will work: This position offers a hybrid work option up to 50% remote and is based out of any of Compeer's office locations.

The contributions you will make: 

This position creates, implements and maintains corporate-wide security programs that assist in improving overall security posture of the organization. Provides guidance, assurance and information protection to maintain the confidentiality, integrity, and availability of Compeer critical resources. Contributes knowledge and expertise to ensure that information assets are protected and secure. In this position, you will guide solutions to promote secure business-to-business initiatives, third-part relationships, outsourced solutions and vendors. Provides mentorship and guidance to less experienced team members. 

A typical day: 

• Remains current with new security threats and assess systems and solutions to ensure they can defend the business. 
• Researches capabilities of current and new disruptive solutions on the market and makes recommendations to security group on a consistent basis.  
• Develops security team standards, policies, procedures and processes.  
• Support and provide direction for use of technical systems, monitors for unusual and suspicious activity across a wide range of products, data centers, and cloud systems.
• Partners with Business Technology on security configuration standards for systems and business applications.  
• Participates in technical and non-technical projects requiring information security oversight and to ensure policies and procedures are met.  
• Provides cybersecurity guidance to leadership. 
• Ensures that cybersecurity-enabled products or other compensating security control technologies or processes reduce identified risk to an acceptable level. 
• Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan. 
• Implements security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed. 
• Analyzes and reports system security posture trends. 
• Analyzes cyber defense policies and configurations and evaluates compliance with regulations and organizational directives.
• Prepares audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
• Leads the Incident Response Team during activations for security or operational events.
• Coordinates, leads and conducts adversary simulation, hunt teaming, assumed breaches and whitebox penetration tests. Develops and executes attack plans, scripts, tools and methodologies to strengthen the offensive operations. 
• Plans and coordinates the delivery of classroom techniques and formats (e.g., lectures, demonstrations, interactive exercises, and multimedia presentations) for the most effective learning environment. 

The skills and experience we prefer you have: 

• Bachelor’s degree in security management, cybersecurity, computer science, management information systems, or business with technical training in networking, technical support or security or an equivalent combination of education and experience sufficient to perform the essential functions of the job. 
• Expert-level experience in physical asset security, information technology, risk management, security services, or infrastructure technology.  
• CISSP certification preferred.   
• Ability to adapt and stay a step ahead of cyber attackers and stay up to date on the latest attack methods. 
• Expert experience driving measurable improvement in monitoring and response capabilities at scale. 
• Expert ability to identify and resolve problems, utilizing strong analytical skills. 
• Advanced experience in cloud computing technologies, including software, infrastructure and platform-as-a-service, as well as public, private and hybrid environments. 
• Expert knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to endpoint detection and response (EDR), threat intelligence platforms, data loss prevention (DLP), security automation and orchestration, deception technologies, application controls, and other network and system monitoring tools.  
• Experience with purple teaming (red and blue) to train, identify and remediate issues cohesively.  
• Advanced experience with Amazon Web Services (AWS) or Microsoft Azure.  
• Expert experience conducting risk analysis to protect the business and adhere with compliance requirements and privacy laws. 
• Expert experience with vulnerability and penetration testing engagements. 
• Advanced knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).  
• Expert knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.  
• Knowledge of multiple cognitive domains and tools and methods applicable for learning in each domain.  
• Knowledge of media production, communication, and dissemination techniques and methods, including alternative ways to inform via written, oral, and visual media. 
• Knowledge of training and education principles and methods for curriculum design, teaching and instruction for individuals and groups, and the measurement of training and education effects.

How we will take care of you:

Our job titles may span more than one career level (associate, senior, principal, etc.). The actual title and base pay offered is dependent upon many factors, such as: training, transferable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future. This role is eligible for variable compensation and other benefits.

Compeer Financial is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Must be authorized to work for any employer in the United States. Compeer is unable to sponsor or take over sponsorship of an employment visa at this time.

Click here to view federal employment laws applicable for applicants.