Company
This position is responsible for helping to ensure the security and integrity of the FedNow organization across people, operations, and technology. This individual will directly support security engineering and operations. The individual will also be expected to provide cybersecurity expertise both through consultation and hands-on technical activities.
Desired Qualifications
• Pro gramming Languages relevant to web and API development such as Python, Java, GO is required Pro gramming Languages relevant to web and API development such as Python, Java, GO is required
• Experience security testing cloud workloads . Experience security testing cloud workloads .
• Strong understanding of web service protocols , REST principles , and client-server architecture is necessary Strong understanding of web service protocols , REST principles , and client-server architecture is necessary
• Strong understanding of API defense strategies and ability to implement Strong understanding of API defense strategies and ability to implement
• Fou ndational understanding of logging and monitoring tools to detect anomalies and respond to incidents in real-time Fou ndational understanding of logging and monitoring tools to detect anomalies and respond to incidents in real-time
• Strong attention to detail and creative problem-solving are essential for navigating complex security challenges Strong attention to detail and creative problem-solving are essential for navigating complex security challenges
• Ability to effectively communicate risks and solutions to both technical and non-technical stakeholders Ability to effectively communicate risks and solutions to both technical and non-technical stakeholders
• Collaborating effectively within a team, including developers, platform architects, and project managers in a multi-dis trict environment Collaborating effectively within a team, including developers, platform architects, and project managers in a multi-dis trict environment
What will be expected of you
• Develop code to automate security frameworks into functional, secure infrastructure and deploy security tool ing using automation as a foundation . Develop code to automate security frameworks into functional, secure infrastructure and deploy security tool ing using automation as a foundation .
• Design and execute point-in-time security tests, automated or manually, against cloud workloads. Design and execute point-in-time security tests, automated or manually, against cloud workloads.
• DevSecOps integration - enable a utomate static and dynamic API security checks using CI/CD tools. Enforce governance gates during key lifecycle phases ( eg. Design, Validate , Publish) DevSecOps integration - enable a utomate static and dynamic API security checks using CI/CD tools. Enforce governance gates during key lifecycle phases ( eg. Design, Validate , Publish)
• Partner with application, security, and platform teams to embed security into API design, development, and deployment . Partner with application, security, and platform teams to embed security into API design, development, and deployment .
• Contribute to security architecture reviews , threat modeling, and technical design discussions Contribute to security architecture reviews , threat modeling, and technical design discussions
• Define, configure, and enforce API gateway policies for authentication, authorization, encryption, and traffic-management controls Define, configure, and enforce API gateway policies for authentication, authorization, encryption, and traffic-management controls
• Monitor traffic and collaborate with security and engineering teams on incident response and remediation Monitor traffic and collaborate with security and engineering teams on incident response and remediation
• Represent a technologist's point of view in selecting tooling and solutions. Represent a technologist's point of view in selecting tooling and solutions.
• Proven ability to collaborate, build relationships and influence direct & in-direct team members in a matrix-management environment. Proven ability to collaborate, build relationships and influence direct & in-direct team members in a matrix-management environment.
• P resent and debrief cybersecurity findings, risk posture, and control effectiveness to leadership and management audiences, translating technical security data into clear, actionable insights to support informed decision-making. Actively seek to remove barriers and improve security across the program. P resent and debrief cybersecurity findings, risk posture, and control effectiveness to leadership and management audiences, translating technical security data into clear, actionable insights to support informed decision-making. Actively seek to remove barriers and improve security across the program.
• Document technical solutions developed and the supporting processes . Document technical solutions developed and the supporting processes .
• Identify and address the root causes of issues, focusing on solving problem categories rather than individual instances. Engage early and comprehensively. Identify and address the root causes of issues, focusing on solving problem categories rather than individual instances. Engage early and comprehensively.
Expertise you would bring
• 5 + years of experience in an object-oriented language (Python, Java, or Go preferably) 5 + years of experience in an object-oriented language (Python, Java, or Go preferably)
• Experience working in a DevSecOps software development environment Experience working in a DevSecOps software development environment
• 5+ years of experience in Cyber Security, with a focus on API gateway engineering 5+ years of experience in Cyber Security, with a focus on API gateway engineering
• 5 + years of Cloud Native experience (AWS preferred) 5 + years of Cloud Native experience (AWS preferred)
• Strong understanding of API Security, OWASP API Top 10, secure API design principles Strong understanding of API Security, OWASP API Top 10, secure API design principles
• Exposure to API gateway security tools (runtime protection, discovery, or post ure mgmt.) Exposure to API gateway security tools (runtime protection, discovery, or post ure mgmt.)
• Proficiency in working with Infrastructure as Code ( i.e Terraform, Pulumi ) Proficiency in working with Infrastructure as Code ( i.e Terraform, Pulumi )
• Proven experience building and securing CI/CD pipelines (GitHub, GitLab CI, Jenkins, etc.) Proven experience building and securing CI/CD pipelines (GitHub, GitLab CI, Jenkins, etc.)
• Proficiency with container technologies (Docker, Kubernetes) and their security implications Proficiency with container technologies (Docker, Kubernetes) and their security implications
• Expertise with Cloud IAM c onfiguration /policies , c ontainer o rchestration /testing Expertise with Cloud IAM c onfiguration /policies , c ontainer o rchestration /testing
• Lead and execute cyber incident response activities, including detection, analysis, containment, eradication, and recovery with a focus on senior-level responsibilities. Lead and execute cyber incident response activities, including detection, analysis, containment, eradication, and recovery with a focus on senior-level responsibilities.
• Strong communication skills with ability to influence at all levels of the organization; ability to simplify complex security topics for consumption and critical decision making Strong communication skills with ability to influence at all levels of the organization; ability to simplify complex security topics for consumption and critical decision making
Logistics and Requirements
• The ability to obtain security clearance The ability to obtain security clearance
• Be able to support on-call and work- rotation activities Be able to support on-call and work- rotation activities
• Relevant certifications (e.g., CISSP, CISM, GIAC , AWS, AZURE ). Relevant certifications (e.g., CISSP, CISM, GIAC , AWS, AZURE ).
• Federal Reserve System candidates will remain employed at current Federal Reserve Bank, but report into the FedNow team via cross-district arrangement . Federal Reserve System candidates will remain employed at current Federal Reserve Bank, but report into the FedNow team via cross-district arrangement .
The salary range for this position is $ 170,200 - $212,700 - $255,200. The Boston Fed believes in salary transparency. The final salary and offer will be determined by the applicant's background, skills, internal equity, and alignment with market data. Whether you're developing into the job or are a more seasoned candidate, we aim to pay competitively.
All employees assigned to this position will be subject to FBI fingerprint/ criminal background and Patriot Act/ Office of Foreign Assets Control (OFAC) watch list checks at least once every five years. The above statements are intended to describe the general nature and level of work required of this position. They are not intended to be an exhaustive list of all duties, responsibilities or skills associated with this position or the personnel classified. While this job description is intended to be an accurate reflection of this position, management reserves the right to revise this or any job description at its discretion at any time.
The Federal Reserve System is committed to a diverse and inclusive workplace and to provide equal employment opportunities to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.
All employees assigned to this position will be subject to FBI fingerprint/ criminal background and Patriot Act/ Office of Foreign Assets Control (OFAC) watch list checks at least once every five years.
The above statements are intended to describe the general nature and level of work required of this position. They are not intended to be an exhaustive list of all duties, responsibilities or skills associated with this position or the personnel classified. While this job description is intended to be an accurate reflection of this position, management reserves the right to revise this or any job description at its discretion at any time.
For this job, any offer of employment is contingent upon successfully passing a two-phase security screening. The first phase consists of the satisfactory completion of a physical examination (including a drug screening), reference checks, and a security investigation consisting of credit and criminal history checks.
The second phase, which might not be complete until after you begin working at the Reserve Bank, is an additional risk-based security screening determined by the risk rating of the position. Depending upon the sensitivity of the position, this phase may include, and is not limited to, work and residency eligibility verification, and personal interviews with the candidate, references, and prior employers.
All applicants must have resided in the United States for at least three (3) years
Full Time / Part Time
Regular / Temporary
Job Exempt (Yes / No)
Job Category
Work Shift
The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers ( https://rb.wd5.myworkdayjobs.com/FRS ) or through verified Federal Reserve Bank social media channels.
Privacy Notice