QuadMed was founded in 1991 by Harry Quadracci with the belief that there had to be a better way to provide employees with access to affordable, high-quality health care. Now, we partner with employers across the nation to provide value-driven health and wellness services in or near the workplace. Focus on breaking down cost, access, and quality barriers. Empower employees and their families to live healthier, happier lives.
IT Security Analyst
Location: United States
Posted: 2 days ago
Salary: 0
Seniority: Mid Level
Job Description
IT Security Analyst
Quad
Role Description
QuadMed is looking for an IT Security Analyst to join our QuadMed IT team. This is a remote role with occasional travel. The IT Security Analyst assists the Director of Information Security and Compliance in developing, coordinating, and supporting the overall objectives of QuadMed’s information security, risk management and compliance programs. This includes:
- Participating in special projects.
- Developing and implementing information security and compliance auditing and monitoring activities.
- Identifying opportunities to improve QuadMed’s overall risk posture.

Qualifications
- Bachelor’s Degree from a four-year college or university in business, healthcare, information technology, security or a related field required.
- At least one (1) year experience in a healthcare setting, most notably in a HIPAA, privacy, security or audit/compliance-related role.
- Certifications in areas of healthcare compliance, privacy, security, health information management, risk management assurance, internal auditing, and/or Epic Systems preferred.

Requirements
- Knowledge of healthcare laws and regulations, auditing and monitoring principles, risk management, electronic health record systems.
- Strong ability to interpret and present multifaceted concepts and analyses.
- Knowledge and experience with HIPAA and other privacy-related regulations.
- Requires analytical and problem-solving skills to ensure that internal controls, policies and procedures are being followed consistently.
- Excellent attention to detail, strong writing and verbal communications skills.
- Ability to work independently, make independent judgments and set priorities.
- Demonstrated ability to research, compile and analyze regulatory and business information.
- Proven ability to work effectively with diverse populations and a demonstrated commitment to fostering inclusion.
- May require occasional travel.

Benefits
- Comprehensive benefits for eligible employees including medical, prescription, dental and vision insurance.
- 401(k) retirement savings.
- Paid time off.
- Holidays and additional benefits.

Company Description
QuadMed was founded in 1991 by Harry Quadracci with the belief that there had to be a better way to provide employees with access to affordable, high-quality health care. Now, 30 years later, we partner with employers across the nation to provide value-driven health and wellness services in or near the workplace.
- Focus on breaking down cost, access and quality barriers.
- Empower employees and their families to live healthier, happier lives.

QuadMed and Quad are proud to be an equal opportunity employer. We are committed to creating a place of belonging — a space where employees do not need to sacrifice who they are to exist and grow in our workplace. QuadMed and Quad do not discriminate on any unlawful basis and prohibit harassment of applicants and employees based on protected categories. Drug-Free Workplace.
More Security Analyst Jobs
IT Security Analyst
BLACK HILLS FEDERAL CREDIT UNION
Black Hills Federal Credit Union (BHFCU) is committed to improving the lives of our members every day, and we look for people who share that passion. Our onboarding includes an orientation program with ongoing training to help staff further their career at BHFCU by building on their existing strengths.
Role Description
The IT Security Analyst II supports the Credit Union’s information security governance, risk, and compliance programs through various activities. This role helps ensure alignment with regulatory requirements, cybersecurity frameworks, and organizational security objectives while supporting the overall maturity of the Information Security Program.

Essential Duties/Responsibilities:
- Support the Credit Union’s Information Security Governance, Risk, and Compliance (GRC) program in alignment with FFIEC, NCUA, GLBA, NIST CSF, and CIS Controls.
- Assist with the development, review, maintenance, and administration of Information Security policies, standards, and procedures.
- Coordinate Information Security risk assessments, remediation tracking, exception management, and control validation activities.
- Support internal and external audits, regulatory examinations, and compliance reviews through evidence collection and documentation management.
- Prepare recurring security metrics, dashboards, reports, and board reporting materials.
- Support governance activities related to incident response, business continuity, disaster recovery, and change management.
- Assist with monitoring regulatory changes and compliance impact assessments and remediation coordination.
- Support security awareness training initiatives, phishing campaigns, and training completion tracking.
- Maintain Information Security documentation, audit artifacts, governance records, and operational repositories.
- Track audit findings, remediation activities, risk items, and security-related tasks to completion.
- Support administration of GRC platforms, workflow systems, and security request tracking processes.
- Coordinate with the IT Security Manager on access review activities, documentation management, and security governance workflows.
- Maintain vendor management records, asset inventories, and security operational tracking documentation.
- Assist with incident response tabletop exercises, reporting coordination, and documentation updates.
- Support recurring operational reporting, committee materials, and executive reporting preparation.

Other Duties/Responsibilities:
- Participate in continuous improvement efforts for the Information Security Program.
- Collaborate with Information Technology, Compliance, Risk Management, Internal Audit, and business units on security initiatives.
- Support strategic Information Security projects and governance initiatives.
- Stay informed on evolving cybersecurity threats, regulatory requirements, and financial industry security practices.
- Attend professional development and security training as required.

Qualifications
- Working knowledge of Information Security governance, risk management, and compliance frameworks including FFIEC, NCUA, GLBA, NIST CSF, CIS Controls, and PCI-DSS.
- Understanding of Information Security policies, audit coordination, regulatory examinations, risk assessments, and remediation tracking processes.
- Familiarity with third-party/vendor risk management, security awareness training, business continuity, and incident response coordination.
- Familiarity with governance, reporting, and workflow management tools such as Microsoft Office, ServiceNow, Tandem, or similar business applications.

Requirements
- Vision: A sighted person to read and interpret data.
- Speech/Hearing: Ability to communicate verbally and in writing with staff and vendors.
- Manual Dexterity: Ability to perform necessary computer-related input.
- Physical Mobility: Prolonged periods sitting at a desk and working on a computer. Ability to work flexible hours.
- Familiarity in using and managing SIEM tools, endpoint protection platforms, and cloud security technologies.
- Strong analytical and problem-solving skills to handle complex incidents.
- Excellent written and verbal communication skills for technical and non-technical audiences.

Benefits
- Ability to prioritize tasks and manage time effectively in a fast-paced environment.
- Ability to perform detailed analyses of security incidents and recommend appropriate solutions.
- Interpersonal skills to collaborate with technical and non-technical teams effectively.
- Ability to produce high-quality, accurate work under pressure.
- Capacity to stay ahead of rapidly evolving cybersecurity trends.
- Ability to use various IT security tools and devices in a dynamic environment.

Company Description
Black Hills Federal Credit Union (BHFCU) is committed to improving the lives of our members every day, and we look for people who share that passion. Our onboarding includes an orientation program with ongoing training to help staff further their career at BHFCU by building on their existing strengths.
• AI-assisted security operations. Use AI tools (Claude, copilots, and emerging agentic platforms) as a force multiplier across every part of the job - accelerating triage and investigation, drafting and refining detections, summarizing alerts and incidents, automating repetitive analyst work, and improving the metrics that matter (MTTD, MTTR, dwell time, analyst throughput). Set the bar for how the security team uses AI responsibly in a PHI environment.
• Threat hunting. Develop and execute hypothesis-driven hunts across endpoints, cloud workloads, identity, and SaaS. Translate hunt findings into durable detections. Utilize AI and automation to turn Threat Hunting into a powerful, proactive tool.
• Vulnerability management. Drive the vulnerability lifecycle - discovery, prioritization (risk-based, not just CVSS), remediation tracking, and reporting. Partner with engineering to close real risk fast.
• Attack surface management. Maintain visibility into our external and internal attack surface across cloud, SaaS, third parties, and acquired entities. Find exposure before someone else does.
• Incident response and digital forensics. Assist, however necessary, the Lead Incident Responder with investigations and security incidents from triage through containment, eradication, recovery, and post-incident review. Perform host, network, cloud, and memory forensics. Assist with IR playbooks and the evidence chain.
• Fraud assessment. Drive deep analysis on the source of digital fraud. From payment card to cyber-initiated fraud, understand the how and why on the digital fraud frontier.
• Cross-functional partnership. Work directly with Engineering, IT, Operations, and Compliance. Translate security findings into clear asks with concrete next steps. Attack problems, not people.
• Healthcare-specific risk. Apply controls that fit a HIPAA-regulated, PHI-handling environment. Help us move at purposeful speed without breaking what matters.
Senior SOC Analyst/Lead
ECS Tech Inc
All candidates must meet the following criteria: Must be a US Citizen, no dual Citizenships. Must be able to secure a Public trust clearance. Must be able to work across multiple programs across the Federal and DOD space. The core values that ECS looks for in an engagement manager include: Teamwork, Respect, Accountability, Integrity, and Leadership.
Role Description
ECS is seeking a Senior SOC Analyst (SOC Lead) with demonstrated experience supporting the development of processes, procedures, and automations to rapidly ingest, aggregate, correlate, normalize, analyze event messages to absurdly identify and respond to Indicators of Compromise (IoCs). The ideal candidate is a critical thinker and perpetual learner who is excited to solve some of our clients’ toughest challenges. To be successful the candidate must have experience working in a mature 24x7x365 Security Operation Center.

Shift schedule: Mon-Friday, 8AM-4PM ET (subject to change)

Responsibilities
- Provides subject matter expertise for monitoring and managing threats, disseminating information, and handling, responding to, and investigating all incident escalations from the Security Operations Center.
- Ensures all security incidents are tracked and documented appropriately.
- Continuously monitors SIEM and on-premises infrastructure/cloud applications for security events to threats & intrusions, including:
  - SIEM alert queue
  - Phishing email inbox
  - Intel feeds via email and other sources (i.e., US-CERT, MS-ISAC)
  - Incident ticketing queue (Resilient tickets)
- Ensures the SOC manager stays informed of any issues or incidents.
- Coordinates with SOC staff to conduct incident/policy violation investigations, report infractions, eradicate/mitigate/remediate Indications of Compromise (IoC), and perform continuous monitoring functions.
- Leads root cause analysis and post-mortem dialogue after significant events to capture lessons learned and define process or technology improvements.
- Owns the successful completion of all daily operational processes and procedures.
- Develops and maintains standard operating procedures (SOPs), technical playbooks and operational run books to support SOC operations and incident response activities.
- Conducts follow-up meetings of escalated or noteworthy cases and modifies SOPs and playbooks based on policies, standards and best practices learned from previous cases.
- Works in conjunction with SOC and infrastructure management teams to administer and manage the SOC security technologies.
- Evaluates Common Vulnerabilities and Exposures (CVE) as a potential internal/external attack vector, and develops recommendations to eliminate vulnerability/weakness if present.
- Works closely with Cyber Threat Intel to provide information on detection patterns for new upcoming threats.
- Oversees threat hunting initiatives and reviews hunt reports that are provided by SOC analysts.
- Provides training and mentorship to SOC analysts to improve the incident handling capabilities.
- Provides guidance for all internal stakeholders for reporting and visualizations that support SOC goals and objectives to identify and correct gaps.
- Reconfigures analytic objects (e.g., fields, extractions, tags, event types, lookups, workflow actions, aliases).
- Develops reports for operational activities to meet SOC and cybersecurity leadership requirements and directives.
- Provides extensive knowledge of cybersecurity, incident response, digital forensic analysis and educates personnel on effective SOC searches, reporting, and visualization development.
- This role involves a shift work schedule to support our 24/7 operation, including weekends and holidays. Candidates must be flexible in their availability. While we make every effort to accommodate individual preferences, it's essential to understand that specific shift requests are not guaranteed and are assigned based on operational needs.

Qualifications
- 5+ years of experience in cybersecurity operations & incident response, with at least 3+ years in a SOC environment and 2+ years in a leadership role.
- Ability to interpret complex cybersecurity topics and effectively communicate or present information to various groups of stakeholders (Executives, SOC, etc.).
- In-depth knowledge of SIEM technologies (i.e. QRadar, Splunk), EDR (i.e. CrowdStrike), IDS/IPS, malware analysis, and vulnerability management tools (i.e. Tenable).
- Experience leading and mentoring junior analysts.
- Experience with two or more analysis tools used in a CIRT or similar investigative environment.
- Ability to analyze and triage IoCs.
- Proven understanding of computer and network fundamentals.
- Ability to perform in-depth research tasks and produce written summaries to include insights and predictions based on an analytical process.
- Knowledge of current cyber threats, trends, attack lifecycle, and various Tactics, Techniques, and Procedures (TTPs).
- Industry-recognized certifications, such as CISSP, CISM, GIAC, or CEH, are preferred.
- Excellent leadership, written and oral communication skills, and problem-solving skills.
- Ability to handle high-stress situations with a calm and methodical approach.

Requirements
- Salary Range: $135,000 - $150,000

Benefits
- General Description of Benefits
• Perform first-line monitoring of systems, identifying alerts and suspicious events;
• Analyze security alerts according to predefined procedures, looking for patterns and correlations;
• Prepare simple reports on monitoring activities and incidents;
• Prepare audit and review reports for the security consoles and for technical vulnerabilities;
• Provide technical support to users, customers and other teams on items under the SOC's responsibility, and engage support teams when necessary;
• Respond to low- and medium-complexity incidents;
• Prepare and maintain documentation of internal SOC processes and of the security consoles;
• Work on improvements and updates to the security tools in the environment.



