Federal Reserve Bank (FRB)
Security Systems Engineer (Maintenance)
This job is based in the Boston office on a hybrid schedule with at least 3 days per week onsite work expected. The individual is expected to reside in the Boston District.
This position is primarily responsible for implementing Boston's Vulnerability Management process from detection to remediation. A successful candidate will be able to generate reports and recommend or implement changes to remediate vulnerabilities across multiple lines of business.
Responsibilities include configuring recurring vulnerability scanning against workstations as well as web applications, developing reporting based on these scan results to be compliant with the latest FRISS standards, and developing and implementing procedures to ensure the confidentiality, integrity, and availability of Federal Reserve information assets.
Responsibilities will also include general Information Security Operations tasks where needed, so there will be opportunities to expand other Information Security related skillsets. The position provides leadership and direction to management in the evaluation and disposition of the Bank's information security activities.
This position also provides District level consulting support and guidance on Federal Reserve System technology initiatives as they relate to local information security operations/mission and is knowledgeable in the principal technologies of the Bank's mission.
Responsibilities
Identifies, designs, recommends, and implements procedure/process improvements and enhancements for increased efficiency and effectiveness. Investigates incidents and insider risks to remediate them and determine root causes, which in turn are used to strengthen the FRS posture. Interprets and addresses requests and concerns.
Develops, maintains, and implements standards, guidelines, and operating policies and procedures. Identifies issues and vulnerabilities, assesses risks, and determines alternatives. Provides support and resolution of security problems by analyzing, troubleshooting, remediating, and resolving issues.
• Performs event monitoring and response to incidents and insider risks by analyzing anomalies and by containing, mitigating, and analyzing cyber incidents
• Conducts penetration testing, vulnerability assessments (including remediation efforts), risk management assessments, and general security assessments of hardware, software, and information systems
• Conducts complete computer forensics analysis including acquiring device images, ensuring adherence to chain-of-custody, analysis, documenting, reporting, and presenting findings to senior leadership
• Performs problem determination as needed and recommends changes to existing procedures or software configurations to reduce risk
• Partners with, and provides consultation to, business areas to understand their business functions for consideration of cyber security impacts, policies, and direction
• Ensures network and endpoint security by providing assistance with, and assessment of, configuration, applications, and agents. Also provides support in areas including, but not limited to, understanding and troubleshooting encryption (SSL/TLS), web traffic, and packet analysis
• Advises on the impact of technical changes and exception requests. Analyzes the results of scans, tests, assessments, compliance activities, etc. and reports on results. Provides remediation recommendations
• Experience and understanding of automation and scripting in one or more tools and languages
• Experience creating dashboards and queries in one or more Security Information Event Monitoring (SIEM) tools for the purpose of automation and correlation
• In-depth understanding of various Operating Systems including Windows, Macintosh, Apple iOS Mobile, Unix/Linux to be applied to Incident Response and Forensics activities
• Contributes to, and/or leads, System level security work groups
• Manages complex security projects including planning, scheduling and delivery
• Provide commentary on proposed revisions to policy and procedures
• Contribute to efforts in support of the Federal Reserve Bank's security awareness and training initiatives.
• Participate in, and/or lead, System level security work groups.
• Continually advance technical knowledge in security-related technologies through self-education and formal training
Other Accountabilities
• Required to perform 24-hour on-call security incident response
• Perform other duties as assigned
• Will be expected to maintain certifications by obtaining continuing professional education (CPE) credits
Required Knowledge and Experience
• Knowledge and experience normally acquired through, or equivalent to, the completion of a Bachelor's degree and a minimum of 3 years of related experience.
• Working knowledge of NIST 800 series Special Publications and IT Security Program.
• Knowledge of Federal Reserve System SAFR/FISMA security requirements.
• Knowledge and experience with risk assessments, security plans, and test and evaluation activities.
• Ability to develop corrective action plans.
• Good organization skills with the ability to exercise discretion and ingenuity to determine the proper course of action while following established standards.
• Ability to be innovative with resourcefulness and a strong drive for results.
• High level of communication and leadership skills to support and interact with internal and external team members.
• Excellent written and verbal communication skills.
• Able to maintain strong customer relations across a complex and federated environment.
• Keypoint High Classification required
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.