Vacancy expired!
Company Federal Reserve Bank of Cleveland
All employees must be fully vaccinated against COVID-19 which includes receiving a COVID-19 vaccine booster or qualifying for an accommodation from the Bank's COVID-19 Vaccination Policy; individuals who are unable to be vaccinated due to a medical condition or sincerely held religious belief may request an accommodation from the Bank.To be considered for the role, candidates must =.Job Description This position provides leadership for protecting the confidentiality, integrity, and availability of web and/or mobile applications by establishing and enforcing system access controls; defining system security requirements, recommending improvements to system security frameworks, ensuring authorized access to systems through monitoring, performing testing or scanning for security vulnerabilities, and raising security awareness.- As needed, lead the Identification of security related issues and definition of security requirements during all phases of the application development lifecycle.
- Review program/development documents to ensure adherence to secure coding standards, guidelines and security requirements.
- Draft, review, and approve security related test cases.
- Coordinate or lead application security software testing efforts with other testing stakeholders.
- Guide monitoring for atypical usage of information system accounts and other abnormalities to identify possible breaches.
- Assist with FISMA initiatives, e.g., updating security plans, to support ISSO responsibilities.
- Perform Penetration Testing activities to ensure web vulnerabilities are not present within Treasury Services applications.
- Deliver conclusions and security recommendations to Treasury Services management, Fiscal Service and other stakeholders. Performs other duties as assigned or requested.
- Adheres to the Banks attendance policies through regular and prompt attendance.
- Ability to analyze highly complex business requirements.
- Thorough understanding of industry based security controls relating to applications, services, and systems.
- Knowledge of cloud-based platforms and technologies.
- Thorough understanding of security controls relating to access control, authentication, and auditing.
- Demonstrated knowledge and understanding of information security industry trends and emerging technologies, especially relating to application security vulnerabilities.
- Proficient at testing web application for security vulnerabilities, such as those listed in the OWASP Top 10 and familiar with the tools used for testing.
- Demonstrated ability to learn new systems and technologies
- Demonstrated ability to train others in the use of new systems and technologies
- Excellent time management skills, and the ability to prioritize and multi-task.
- Associate: Bachelor's degree with no experience or Associate's degree with 3+ years of related work experience
- Analyst: Bachelor's degree with 3+ years of related work experience or Associate's degree with 5+ years of related work experience
- Sr. Analyst: Bachelor's degree with 5+ years of related work experience or Associate's degree with 7+ years of related work experience
- Analyst and Sr. Analyst: at least one security certification required (CISSP, CSSLP, CCSP, CEH, AWS Security, etc.)