Ethical Hacker / Penetration Testing

This role is essential for safeguarding the Credit Union's digital assets by performing comprehensive security assessments, including network penetration tests, web and mobile application evaluations, and phishing tests. The role identifies and addresses security vulnerabilities, ensuring compliance with industry best practices and internal policies, thereby preventing system compromise and protecting sensitive information. Additionally, the role promotes a culture of security awareness and supports strategic initiatives to enhance the Credit Union's cybersecurity posture, ultimately building trust and confidence among members.

Work Arrangement - This position is a fully remote role within the state of Michigan.

Schedule - Monday - Friday 8:30am - 5:00pm ET

An offer of employment with MSU Federal Credit Union and affiliates is contingent upon the agreed work arrangement (onsite/hybrid/remote) and work location. MSU Federal Credit Union may or may not be able to accommodate temporary or permanent changes to work arrangements or allow employment outside the city and/or state of residency in which the new hire resides at the time of offered employment.

Compensation & Benefits:

• 100% Company-Paid Health, Dental, Vision, Life, and Long-Term Disability Premiums
• Up to 26 days of PTO within your first year, as well as Volunteer Time Off & 11 Paid Holidays
• 401(k) with a company match
• Tuition Reimbursement
• Up to 12 Weeks of Paid Parental Leave
• Learn more about our benefits here

Essential Duties and Responsibilities:

• Ethical Hacker I:
  • Perform network penetration tests, web application security assessments, mobile application security assessments, and phishing tests for the Credit Union within scheduled time frames following industry best practice methodologies.
  • Identify, develop, and document security issues and recommendations using independent judgment concerning areas being reviewed.
  • Communicate results, suggestions, and/or findings via written reports and oral presentations to Credit Union management, the President/CEO and the Board of Directors.
  • Conduct security assessments of third-party applications utilized by the Credit Union within scheduled time frames.
  • Stay updated with the latest cybersecurity trends, tools, and techniques to continuously improve testing methodologies and security practices.
  • Assist with the coordination and performance of all contracted penetration testing projects and services conducted by third-party vendors.
  • Evaluate the Credit Union's risk areas and provide key input to the development of the annual penetration testing plan.
  • Promote a culture of security awareness within the organization through administration of phishing simulation and other best practice and emerging threat training sessions.
  • Understand the Credit Union's policies and procedures to ensure compliance and accountability for managing operational risks. Adhere to established internal controls and procedures to safeguard assets, prevent fraud, and maintain the integrity of credit union operations.
  • Perform other duties as assigned
• Sr. Ethical Hacker:
  • Develop, implement, and refine advanced penetration testing techniques to identify vulnerabilities in our systems. Apply ethical hacking tools in an innovative and comprehensive manner to increase the Credit Union's cybersecurity posture.
  • Support the Credit Union strategic direction and initiatives while helping others understand the purpose of decisions and direction.
  • Proactively seek out and identify new areas of potential risk and opportunities for security improvements. This involves conducting thorough assessments of emerging threats and vulnerabilities and recommending strategic initiatives to enhance our security posture.
  • Serve as a recognized subject matter expert across the Credit Union and contribute security and control insights on strategic and innovative projects.

Job Requirements:

• Ethical Hacker I:
  • High School Diploma or equivalent required.
  • This position requires a Bachelor's degree or equivalent experience in computer science, information technology, or related field.
  • GIAC GPEN, GIAC GWAPT, or pursuit of similar designation is preferred.
• Sr. Ethical Hacker:
  • GIAC GPEN, GIAC GWAPT, or pursuit of similar designation is required.

Competencies:

• Core Competencies that must be demonstrated by all include Communicate, Navigate Change & Evolve, Solve Problems & Make Decisions, Plan, Prioritize, and Achieve, and Collaborate.
• Functional Competencies:
  • Digital Literacy - Adopts, effectively uses, and champions new technology. Understands and shares technological information used within the position.
  • Time Management - Manages time and resources to ensure that work is completed efficiently.
  • Critical Thinking - Takes outside knowledge into account while evaluating information.
  • Initiative - Takes proactive and prompt action to accomplish work goals. Takes action to achieve results beyond requirements.
  • Knowledge Sharing - Uses formal, informal, and systematic methods to impart information onto others.
  • Organization - Arranges work in a systematic way either on small or large scales.
  • System Knowledge - Demonstrates knowledge of specific Credit Union programs and applications and successfully navigates these systems.
  • Detail Oriented - Ensures information is complete and accurate. Adheres to processes as outlined. Follows up to ensure quality and completion of work.
  • Resourcefulness - Creatively copes with difficult situations or unusual problems. Solves problems and achieves results in the face of obstacles and constraints.
  • Process Improvement - Spots processes that need improving and can implement those changes.

Physical Demands and Work Environment:

• May be required to remain in a stationary position for an extended period.
• Ability to operate standard office technology, equipment, and tools, which may include many hours of computer and phone usage.
• Occasionally needs to move about inside of an office area.
• Exposure to potentially hazardous condition, i.e. robbery. Receives detailed instructions and procedures to be followed to minimize the exposure.
• This position can work in hybrid or remote working arrangements.

Disclaimer:

• Please note this job description is not intended to be construed as an exhaustive list of all functions, responsibilities, skills, and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and MSU Federal Credit Union reserves the right to change this position description and/or assign tasks for the employee to perform, as MSUFCU may deem appropriate.
• MSUFCU is an affirmative-action, equal-opportunity employer.
• To perform this job successfully, an individual must be able to perform each essential job duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform essential job functions.