network security engineer

Position Title: network security engineer

Department: information security

Elevate! Admin: manager/information security

Supervisor: manager/information security

Direct Reports: No direct reports

Grade Level: 1500

FLSA Status: Exempt

EEO-1 Class: Professionals 

Work Site: Hybrid 

District: South

Date Created: 08/2022

Date Revised: 04/2026

Our Purpose

To create joy and ignite Michiganders’ impossible dreams.

Shared Commitments

At orsa, our commitments start with our purpose and are guided by our vibrantly lived values. We walk together toward strategic ends, galvanized by regenerative leadership and a growth orientation which moves us toward our human potential, so that we can support Michiganders in shaping the life they desire.

Role Purpose

The network security engineer is responsible for researching, designing, engineering, implementing, and supporting network security solutions. This position will utilize in-depth technical knowledge and business requirements to help design and implement a secure network and secure solutions. This position will regularly collaborate with members of the technology solutions & support team, as well as other leaders across the Credit Union Business Units.

This position has a starting annual rate of $103,100, but your offer amount may be increased with relevant work experience and transferable skills.

Primary Responsibilities

As an impact-driven team, our work is collaborative and dynamic. This role, like all positions at orsa, will be counted on to perform a variety of tasks associated with its purpose and as directed by leadership. Some of the core deliverables of this role are:

Role Specific Contributions

• Research, design, engineer, implement, and support enterprise network security solutions aligned with industry best practices and organizational risk tolerance. 


• Administer and maintain Palo Alto firewall infrastructure, including rule lifecycle management (creation, review, optimization, decommission), policy tuning, threat prevention, URL filtering, and firmware updates. 


• Manage and mature the organization's Privileged Access Management (PAM) program, including credential vaulting, session monitoring, access policies, and periodic access reviews. 


• Administer and enhance Single Sign-On (SSO) and identity federation configurations, ensuring secure authentication flows across enterprise applications. 


• Harden and secure the Microsoft 365 environment, including Exchange Online, SharePoint, Teams, Entra ID, and Defender suite configurations, aligned with CIS benchmarks and organizational policy. 


• Manage Microsoft Intune, including compliance policies, configuration profiles, conditional access integration, and device hardening standards. 


• Develop, implement, and maintain system and network hardening standards across on-premises, cloud, and hybrid environments. 

Security Operations & Incident Response

• Perform network traffic analysis and anomaly detection across network infrastructure, coordinating remediation efforts with Technology teams. 


• Support network segmentation and microsegmentation strategy to reduce lateral movement risk and meet regulatory expectations. 


• Support incident detection and response activities from the network layer, including packet capture, log analysis, and forensic support. 


• Contribute to compliance and audit readiness efforts related to network and endpoint security controls (e.g., NCUA, GLBA, PCI-DSS). 


• Respond to team member security questions, provide guidance on secure practices, and support security awareness efforts. 

Technology Evaluation & Risk Management

• Evaluate new technologies, applications, and vendor solutions for security risk, recommending appropriate safeguards to leadership. 


• Stay current on emerging threats, vulnerabilities, and industry standards, applying knowledge to continuously improve the organization's security posture. 

Vendor & Documentation Management

• Manage relationships with third-party security vendors, including the organization's Managed Security Services Provider (MSSP) and SIEM platform, ensuring service level expectations are met, alert tuning is current, and escalation processes are effective. Coordinate with vendors on security implementations, assessments, and ongoing managed service delivery.


• Maintain network security documentation, including architecture diagrams, runbooks, hardening baselines, and standard operating procedures. 

• Support additional initiatives and priorities as directed by leadership.

Qualifications and Competency Requirements

As an organization focused on creating belonging, we appreciate that outstanding team members have different roads to excellence. Therefore, we don’t compromise on capability but use qualifications as guidelines. Typically, we’d expect a great manager/impact intelligence to have built capabilities through experiences that would include a minimum of: 

• Education: High school diploma or equivalent. 


• Work Experience: Minimum of 5 years of experience in information security and/or network engineering.


• Preferred Industry Experience: Strong familiarity with banking or credit union core systems. 

The outcome of experience is our priority, so proficiency will be evaluated over means of acquiring it. Necessary competencies include: 

Functional

• Technology Solutions & Systems Management: Design, maintain, and manage reliable technology infrastructure, solutions and operational systems. 


• Data, Security & Digital Integrity: Protect information systems, digital assets, and data through effective security practices and data protection measures. 


• Digital Innovation & User Experience: Develop and implement digital solutions to enhance member and team member experiences.


• Communication and Collaboration: Strong interpersonal skills to work with IT teams, management, and external auditors to ensure alignment on security goals and practices.

Work Model and Conditions: Hybrid

This position works in-office where working conditions, lighting, temperature, audio, and workspace are all sufficient. This position also works from home, where an appropriate work environment is required. Work requires the ability to constantly operate a computer and the ability to read, type, and communicate. Work may require the ability to move work-related supplies weighing up to 10-15 pounds. 

The hybrid classification provides the opportunity to flex with purpose, empowering team members to work in locations best suited for work and life. In that spirit, those in a hybrid role are encouraged to maintain a commutable proximity to their primary work location because:

• The organization expects hybrid team members to attend certain meetings in person 


• Managers may require onsite work to support outcomes


• Work model classification is subject to change

Contact/application information:

If this description appeals to you, please submit an application! A member of orsa’s talent acquisition team will be in contact with you shortly! 

 

Equal Employment Opportunity Policy:

orsa credit union is an equal opportunity employer (M/F/D/V). We recruit, employ, train, compensate, and promote without regard to race, religion, creed, color, national origin, age, gender, gender identity or expression, sexual orientation, marital status, disability, veteran status, or any other basis protected by applicable Federal, State or local laws. 
 

 

Disclaimer:

This job posting highlights some of the most critical responsibilities and requirements of the position. There may be additional duties and responsibilities that are not listed above. A Talent Acquisition Specialist will be sure to discuss the role in further detail should your application be selected to move forward. 
 

Please note that orsa credit union does not involve Artificial Intelligence (AI) when evaluating applications. Applications for this position are reviewed by a member within the Talent Acquisition team. We are dedicated to providing an equitable and thorough review of all submissions and look forward to additional connection as the recruitment process continues!