03 Sep
Information Security Engineer
Vacancy expired!
Company Federal Reserve Bank of Kansas CityResponsible for the monitoring, maintaining, and supporting of a wide range of information security policies, practices, and systems. About the Role: General Activities
- Develops and maintains the information security posture (rules, controls, security safeguards, etc.) to protect the Bank's information assets, and conducts reviews.
- Identifies, designs, recommends, and implements procedure/process improvements and enhancements for increased efficiency and effectiveness. Interprets and addresses requests and concerns. Develops, maintains, and implements standards, guidelines, and operating policies and procedures.
- Analyzes, documents, and communicates risks using the SAFR risk management process.
- Identifies issues and vulnerabilities, assesses risks, and determines alternatives. Provides support and resolution of security problems by analyzing, troubleshooting, remediating, and resolving issues. Advises on the impact of technical changes and exception requests.
- Plans, develops, and delivers initiatives that promote sound cyber security practices to include creation and delivery of training (general, business-specific, etc.). Evaluates programs for effectiveness and improvement.
- Analyzes the results of scans, tests, assessments, compliance activities, etc. and reports on results. Provides remediation recommendations.
- May be required to provide on-call support as needed, which might necessitate additional work outside of normal business hours.
- Performs other duties as assigned.
- Familiarity with Agile and SAFe practices
- Performs vulnerability assessment and management. Provides oversight of patch penetration, scans for vulnerabilities, conducts security analysis of scan results, and validates vulnerability remediation.
- Performs event monitoring and incident response by analyzing anomalies, and containing, mitigating, and analyzing cyber incidents.
- Conducts dynamic manual web application scans.
- Performs computer forensics analysis by acquiring device images, ensuring adherence to chain-of-custody.
- Performs penetration testing by conducting scans to identify system and environmental vulnerabilities.
- Ensures network and endpoint security by providing assistance with, and assessment of, configuration, applications, and agents. Also provides support in areas such as, but not limited to, ability to understand and troubleshoot encryption (SSL/TLS), web traffic, packet analysis.
- Coordinate and perform installation, on-going maintenance and support, upgrades, testing, and end user support for enterprise information security applications.
- Partners with, and provides consultation to, business areas to understand their business functions for consideration of cyber security impacts, policies, and direction.
- Ensures the environment is fully utilizing available technology to enhance productivity, reduce manual effort through automation, and improve work processes. May perform light programming, usually scripting, to automate manual tasks.
- Consults with business owners and enforces policies and procedures. Creates and monitors reports, reviews policy documentation, adds new or modifies existing components, and investigates possible exceptions. Conducts audits and risk assessments for department and end-users.
- Determines asset risk level, coordinates the development of a security plan, and generates a security package.
- Reports on compliance and exceptions. Maintains non-compliance (exception) review and approval processes; provides recommendations on non-compliance situations.
- Provides input to the SAFR Risk Management Framework (RMF) process activities and related documentation (system lifecycle support plans, operational procedures, training materials, etc.).
- Participates in supplier assessments (third party vendors, cloud services, etc.) by evaluating responses against required controls to identify gaps.
- Typically requires at least 3 years of relevant experience.
- High school education or GED. Associate's degree specializing in an information technology field from an accredited college or university or technical school, or equivalent combination of directly related education and/or experience preferred.
- Information Security industry certification (SSCP, CISSP, GIAC, CISM, CISA, etc.) preferred. SAFR Certification preferred.
- Intermediate understanding of subject.
- Performs most work independently with general supervision and direction. May consult with management or more senior staff in decision-making.
- I ncumbent must be fully vaccinated against COVID-19, unless the Bank grants an accommodation based on a medical condition or sincerely held religious belief.
Vacancy expired!