Sr./ Lead Information Security Engineer

Company

Federal Reserve Bank of San Francisco

We are the Federal Reserve Bank of San Francisco—public servants with a mission to advance the nation’s monetary, financial, and payment systems to build a stronger economy for all Americans. We are a community-engaged bank, and are committed to understanding and serving the vibrant, expansive communities of the Twelfth District. That means we seek and appreciate new perspectives. We respect people for what they do and for who they are. We build opportunities to learn and grow. When you join the SF Fed, you become part of a diverse team united in its purpose to promote an economy that works for everyone.
We empower our people to balance their life and work responsibilities. That’s why we offer a flexible hybrid work model that allows you to collaborate with office colleagues on some days, and work from home on others.

Information Security at the FRBSF has a position for a Lead Information Security Engineer who will join us in evolving application security and fostering collaboration with development teams.  This role offers the opportunity to use your technical skills, and security understanding, to design and engineer solutions that assist our development teams in implementing DevSecOps and creating secure and resilient applications and environments.  This role requires strong analytical, communication, problem solving, engineering, and interpersonal skills.  In this role you will work closely with other members of the Information Security team, our application development groups, and other groups across the Federal Reserve System, helping to build strong relationships across functions and create solutions that provide effective, seamless security to protect our custom developed products.

Essential responsibilities:

• Develop and help implement security tools and solution patterns to support secure software development and application design/operation
• Provide guidance to DevOps team members with the design, development and operationalization of security, during development, deployment and operation of applications
• Help refine DevSecOps processes and engage in security engineering review of code and IT configuration
• Support secure development within the Federal Reserve System by fostering constructive dialogue and seeking resolution when confronted with discordant views
• Perform reviews of proposed or implemented pipeline, application module or cloud solutions.
• Deliver and improve security metrics
• Mentor more junior engineers and be a security thought leader for the organization
• Assist with recruiting activities and administrative work

Minimum Qualifications:

• Bachelor's degree in computer science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis or a equivalent work experience
• A Sr Security engineer requires five or more years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and 3+ years’ experience designing and deploying security solutions.
  A Lead Security engineer requires eight or more years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and 3+ years’ experience designing and deploying security solutions
• Proficiency with coding and scripting languages, such as, C#, C++, Java, Python, Go, Rust, PowerShell, Node.js, React and Bash
• Minimum of 5 years of experience in defensive security, 8 or more years in IT
• SANS GSEC or equivalent technical security focused certification
• Must be a U.S. Citizen or a Green Card holder with the intent to become a U.S. Citizen  

Preferred skills:

• Experience with threat modeling and security review processes
• Experience with OpenShift, Kubernetes, or Docker
• Experience with securing development within AWS or Azure
• Experience with Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST) and Secure Component Analysis (SCA) tools
• Experience with CI/CD pipeline platform tools such as Ansible, Jenkins, GitLab or GitHub and various branching strategies
• Experience with Splunk or Elastic, Logstash, Kibana (ELK)
• Experience as a developer and/or working closely with application development teams
• Familiarity with OWASP projects and NIST and CISA standards and guidance
• Ability to communicate clearly and influence outcomes
• Ability and desire to engage in continuous learning and upskilling
• SANS GWEB, GWAPT, or other similar secure development, cloud security or application security certification

Base Salary Range for Sr. IT Security Engineer: Min: $113,600 - Mid: $147,600 - Max: $181,600(Location: San Francisco)
Base Salary Range for LEAD IT Security Engineer: Min: $138,900 - Mid: $180,400 - Max: $221,900 (Location: San Francisco)

Final salary and offer will be determined by the applicant’s background, experience, skills, internal equity, and alignment with market data.

We offer a wonderful benefits package including Medical, Dental, Vision, Pre-tax Flexible Spending Account, Backup Child Care Program, Pre-Tax Day Care Flexible Spending Account, Paid Family Care Leave, Vacation Days, Sick Days, Paid Holidays, Pet Insurance, Matching 401(k), and Retirement/Pension.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. The SF Fed is an Equal Opportunity Employer.

#LI-Hybrid

Full Time / Part Time

Full time

Regular / Temporary

Regular

Job Exempt (Yes / No)

Yes

Job Category

Information Technology

Work Shift

First (United States of America)

The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.

Privacy Notice