03 Sep
Information Security Engineer
Pennsylvania, Philadelphia , 19019 Philadelphia USA

Vacancy expired!

Company Federal Reserve Bank of Kansas CityResponsible for the monitoring, maintaining, and supporting of a wide range of information security policies, practices, and systems. About the Role: General Activities

  • Develops and maintains the information security posture (rules, controls, security safeguards, etc.) to protect the Bank's information assets, and conducts reviews.
  • Identifies, designs, recommends, and implements procedure/process improvements and enhancements for increased efficiency and effectiveness. Interprets and addresses requests and concerns. Develops, maintains, and implements standards, guidelines, and operating policies and procedures.
  • Analyzes, documents, and communicates risks using the SAFR risk management process.
  • Identifies issues and vulnerabilities, assesses risks, and determines alternatives. Provides support and resolution of security problems by analyzing, troubleshooting, remediating, and resolving issues. Advises on the impact of technical changes and exception requests.
  • Plans, develops, and delivers initiatives that promote sound cyber security practices to include creation and delivery of training (general, business-specific, etc.). Evaluates programs for effectiveness and improvement.
  • Analyzes the results of scans, tests, assessments, compliance activities, etc. and reports on results. Provides remediation recommendations.
  • May be required to provide on-call support as needed, which might necessitate additional work outside of normal business hours.
  • Performs other duties as assigned.
  • Familiarity with Agile and SAFe practices
Engineer Activities
  • Performs vulnerability assessment and management. Provides oversight of patch penetration, scans for vulnerabilities, conducts security analysis of scan results, and validates vulnerability remediation.
  • Performs event monitoring and incident response by analyzing anomalies, and containing, mitigating, and analyzing cyber incidents.
  • Conducts dynamic manual web application scans.
  • Performs computer forensics analysis by acquiring device images, ensuring adherence to chain-of-custody.
  • Performs penetration testing by conducting scans to identify system and environmental vulnerabilities.
  • Ensures network and endpoint security by providing assistance with, and assessment of, configuration, applications, and agents. Also provides support in areas such as, but not limited to, ability to understand and troubleshoot encryption (SSL/TLS), web traffic, packet analysis.
  • Coordinate and perform installation, on-going maintenance and support, upgrades, testing, and end user support for enterprise information security applications.
  • Partners with, and provides consultation to, business areas to understand their business functions for consideration of cyber security impacts, policies, and direction.
  • Ensures the environment is fully utilizing available technology to enhance productivity, reduce manual effort through automation, and improve work processes. May perform light programming, usually scripting, to automate manual tasks.
Compliance and Risk Activities
  • Consults with business owners and enforces policies and procedures. Creates and monitors reports, reviews policy documentation, adds new or modifies existing components, and investigates possible exceptions. Conducts audits and risk assessments for department and end-users.
  • Determines asset risk level, coordinates the development of a security plan, and generates a security package.
  • Reports on compliance and exceptions. Maintains non-compliance (exception) review and approval processes; provides recommendations on non-compliance situations.
  • Provides input to the SAFR Risk Management Framework (RMF) process activities and related documentation (system lifecycle support plans, operational procedures, training materials, etc.).
  • Participates in supplier assessments (third party vendors, cloud services, etc.) by evaluating responses against required controls to identify gaps.
  • Typically requires at least 3 years of relevant experience.
  • High school education or GED. Associate's degree specializing in an information technology field from an accredited college or university or technical school, or equivalent combination of directly related education and/or experience preferred.
  • Information Security industry certification (SSCP, CISSP, GIAC, CISM, CISA, etc.) preferred. SAFR Certification preferred.
  • Intermediate understanding of subject.
  • Performs most work independently with general supervision and direction. May consult with management or more senior staff in decision-making.
  • I ncumbent must be fully vaccinated against COVID-19, unless the Bank grants an accommodation based on a medical condition or sincerely held religious belief.
Certain eligibility requirements apply.This position has additional screening requirements due to the information accessed while performing the job. These additional screenings would be initiated at the time of offer acceptance and can take up to a couple of months to be completed. You can begin work before the screening is completed; however, continued employment is contingent on acceptable screening results. The areas screened include, education/employment verification, criminal history, credit history, and reference checks.Follow us on LinkedIn, Instagram, Twitter, and our YouTube channel - Kansas City Fed. Full Time / Part Time Full time Regular / Temporary Regular Job Exempt (Yes / No) Yes Job Category Information Technology Work Shift First (United States of America)The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences. Privacy Notice

Vacancy expired!

Related jobs

Report job