Cyber Security Analyst II / III
Cleveland, OH
Federal Reserve System
The Federal Reserve Board of Governors in Washington DC.Company
Federal Reserve Bank of ClevelandThe Federal Reserve Bank of Cleveland is part of the nation’s central bank, and we’ve provided many opportunities for professional growth during our history.For twenty-five years in a row, we’ve been named “One of Northeast Ohio’s Best Places to Work” by North Coast 99. This prestigious award honors organizations with outstanding employment practices, including compensation, benefits, training, recruitment, retention, community services, and employee communications.
Our People Make the Difference! The Federal Reserve Bank of Cleveland is seeking innovative thinkers with vision to build the framework that will carry the Bank into the future.
Follow us on LinkedIn, X, Instagram, and our YouTube channel – Cleveland Fed
The selected candidate will support the Cybersecurity Analytics Support Team (CAST) function by actively working with CAST personnel, supervisory staff and Board of Governors’ staff concerning ongoing cyber incidents within supervised institutions as well as emerging threats potentially impacting the United States financial sector. This individual would have experience and/or expertise in multiple cybersecurity subject matter areas:
- Cybersecurity related frameworks such as NIST 800-53, NIST Cybersecurity Framework (CSF), IS 27001, MITRE ATT&CK, etc.
- Assessing cybersecurity threats, vulnerabilities, and related exploitation activity; recommending related mitigations to manage risk to computing environments.
- Tracking and reporting on threat actor groups that potentially pose a threat to the United States financial sector.
- Cloud services and providers such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform.
- Incident management and response activities related to cybersecurity events.
- Security architecture and design implementation to mitigate threats against confidentiality, integrity, and availability.
Essential Accountabilities
- Conducts analysis and interpreting of cybersecurity threats to identify trends and emerging risks.
- Provide input and insight into response activities during cyber incidents to include best practices from regulatory bodies, cybersecurity organizations, and NIST.
- Conducts formal assessments to determine the severity of reported cybersecurity incidents at financial institutions.
- Prepares in written form research, analysis, and assessments for key internal stakeholders as needed or requested. Analysis supports recommendations regarding cybersecurity threats, threat vectors, threat actors and threat trends.
- Demonstrates knowledge of cybersecurity threats within the broader financial sector and related industries.
- Assist bank supervision examination teams, the central point of contact teams, and examiners-in-charge during active cybersecurity incidents at regulated banking/financial institutions.
- Build and maintain relationships with central points of contact teams, examiners, and board staff across the Federal Reserve System.
- Communicate appropriate information to the Supervision & Regulation staff at the Federal Reserve Bank and Board levels to maintain a comprehensive understanding of ongoing incidents and ensure appropriate steps are taken to isolate any potential residual effects from a cyber incident.
- Participates in knowledge sharing forums related to key cybersecurity risks and emerging issues.
- Participates in efforts to advance Reserve Bank or System strategic initiatives.
- Provides leadership, coaching, and mentoring for less experienced analysts on processes and procedures related to internal matters and the supervisory process.
- Weekend on-call support is part of the position on a rotating basis (generally once every 12 weeks)
- Performs other duties as assigned or requested.
Education and Experience
Analyst II: Bachelor's Degree in Computer Science, Management Information Systems or related field and 5+ years of related work experience required OR Two years of college and 7+ years of professional work experience.
- Strong understanding of technology governance, technology risk management, internal audit, and vendor/third party risk management.
- Knowledge of firewalls, intrusion prevention/detection systems, Linux, Windows, and Identity and Access Management concepts.
Analyst III: Bachelor's Degree in Computer Science, Management Information Systems or related field and 7+ years of related work experience required OR Master's Degree and 5+ years of professional work experience.
- Advanced ability to perform independent research and provide written reports summarizing findings and analysis.
- Intermediate knowledge of regulations, procedures, and practices of a specific discipline (e.g., bank examinations, information security, cyber intelligence).
- Advanced problem solving and analytical thinking.
- Advanced specialized operational/technical skills in cyber intelligence and information security.
- Intermediate knowledge of Microsoft Office; general proficiency in Word, PowerPoint and Excel.
- Intermediate knowledge of project management.
- Intermediate ability to analyze information and demonstrate findings with written reports, data visualizations, graphs/charts, or presentations.
Knowledge Areas
- Advanced ability to perform independent research
- Advanced knowledge of regulations, procedures and practices of a specific discipline (e.g. information security, cyber intelligence)
- Intermediate knowledge of Microsoft Office
- Intermediate knowledge of project management
- Knowledge of intelligence concepts; intelligence lifecycle, diamond method, structured analytic techniques (red team, devil's advocate, analysis of competing hypothesis)
- Working knowledge of: ESRI ArcGIS 9x, DCGS-A Systems (Multi-Function Workstation), Analyst Notebook, AxisPro (Link Diagram in MFWS), Multimedia Message Manager (M3), QueryTree, Pathfinder , Maltego
- General knowledge in areas of technology governance, technology risk management/GRC, internal audit, vendor/third-party management, business resiliency and fraud
- Security operations concepts; perimeter defense, BYOD, data loss protection, insider threat, kill chain, risk assessment, etc
- Relevant IT certifications (CISA, CISSP)
Skill Areas
- Advanced problem solving and analytical
- Advanced specialized operational/technical skills in cyber intelligence and information security
- Advanced written and verbal communication
- Intermediate presentation
- Intermediate public speaking
- Intermediate strategic thinking/planning
Citizenship requirements
This position requires access to confidential supervisory information and/or FOMC information, which is limited to "Protected Individuals" as defined in the U.S. federal immigration law. Protected Individuals include, but are not limited to, U.S. citizens, U.S. nationals, and U.S. permanent residents who either are not yet eligible to apply for naturalization or who have applied for naturalization within the requisite timeframe. Candidates who are not U.S. citizens or U.S. permanent residents may be eligible for the information access required for this position and sponsorship for a work visa, and subsequently for permanent residence, if they sign a declaration of intent to become a U.S. citizen and meet other eligibility requirements.
In addition, all candidates must undergo an enhanced background check and comply with all applicable information handling rules, and all non-U.S. citizens must sign a declaration of intent to become a U.S. citizen and pursue a path to citizenship.
Physical Demands and General Working Conditions
This is not necessarily an exhaustive list of all responsibilities, duties, performance standards or requirements, efforts, skills or working conditions associated with the job. While this is intended to be an accurate reflection of the current job, the Federal Reserve Bank of Cleveland reserves the right to revise this or any job description at any time.
Reasonable Accommodation Statement - The Federal Reserve Bank of Cleveland is committed to ensuring that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. To request a reasonable accommodation for any part of the employment process, please send an email to clev.4d.benefits.specialist@clev.frb.org.
Location/in office requirements
This position is hybrid with 2-3 days in district.
Bank’s Ethics Rules and Drug Testing
As a condition of employment, Federal Reserve Bank of Cleveland employees must comply with the Bank’s ethics rules which generally prohibit employees, their spouses/domestic partners, and minor children from owning or controlling, directly or indirectly, any debt or equity interest in a depository institution or an affiliate of a depository institution. A "depository institution" means a bank, a trust company, or any institution that accepts deposits, including a bank chartered under the laws of a foreign country. In addition, employees (and their spouses/domestic partners, and minor children) may not own shares of mutual funds, unit investment trusts or ETFs that have a policy, as stated in the prospectus, of concentrating in the financial services industry and that have underlying investments in banks or other depository institutions. If you or your spouse/domestic partner or minor child own such securities and would not be willing or able to divest them if you accepted an offer of Bank employment, you should raise this issue with the recruiter for this posting.
In addition, as a condition of employment, candidates must undergo a background check and will be tested for all controlled substances prohibited by federal law, to include marijuana, prior to hire and for certain safety sensitive positions during employment.
Always verify and apply to jobs on Federal Reserve System Careers or through verified Federal Reserve Bank social media channels
Full Time / Part Time
Full timeRegular / Temporary
RegularJob Exempt (Yes / No)
YesJob Category
Information TechnologyWork Shift
First (United States of America)The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Azure Banking CISA CISSP Cloud Compliance Computer Science Firewalls GCP Governance IAM Intrusion prevention Linux MITRE ATT&CK NIST NIST 800-53 Privacy Red team Risk assessment Risk management Vulnerabilities Windows
Perks/benefits: Career development Equity / stock options Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.