Job Information
Federal Reserve System Cyber Defense Specialist in New York, New York
Company
Federal Reserve Bank of New York
Working at the Federal Reserve Bank of New York positions you at the center of the financial world with a unique perspective on national and international markets and economies. You will work in an environment with a diverse group of experienced professionals to foster and support the safety, soundness, and vitality of our economic and financial systems.
The Bank believes in work flexibility to balance the demands of work and life while also connecting and collaborating with our colleagues in person. Employees can expect to be in the office a couple of days per week as needed for meetings and team collaboration and should live within a commutable distance.
What we do:
Information Security New York (ISNY) is responsible for developing, executing, and maintaining a superior information security program that promotes resiliency by identifying and mitigating cyber risks and threats through risk-based consultation, advice, and direction for controls, designs, and investments for the entire Bank.
Your Role as a Cyber Defense Specialist:
ISNY is seeking an experienced and passionate cybersecurity professional who will drive our existing endpoint vulnerability management (VM) program. Endpoints are the most common vector of exploitation, so it is critical that these are always secure. The successful candidate will have the opportunity not only to improve the posture of the Federal Reserve Bank of New York, but also to build, nurture, and strengthen our partnerships within the Federal Reserve System. You will do the following:
Manage vulnerability risk for the largest district in the Central Bank of the United States
Analyze software vulnerabilities identified on FRBNY endpoints (and other device types)
Analyze existing security control endpoints to strengthen the controls that could make vulnerability exploitation more likely – such as email-based controls, Data Loss Protection, software currency, technical debt, etc.
Platform configuration hardening
Develop, improve, and communicate a compelling strategy and roadmap for endpoint vulnerability management.
Build relationships with remediation teams, technical support, and business areas.
Proactively identify business projects that could impact our endpoint vulnerability processes, tooling, or cyber risk posture writ large
Identify and eliminate root causes of vulnerabilities or impediments to their remediation in our environment.
Measuring, reporting, and presenting on our team’s performance against objectives, policy compliance targets, and programmatic goals (e.g., SLAs, KPIs, KRIs, OKRs)
What we are looking for:
Required Skills:
A risk-based mindset from an individual who is inquisitive, data-driven, and not afraid to challenge the status quo.
A highly driven self-starter who is comfortable communicating cyber concepts and risk management to all levels of personnel
Extensive experience in information system vulnerability management (with an emphasis on endpoint devices, but also including experience w/ server, virtual, and cloud-native information systems)
Extensive experience in reviewing, analyzing, and creating cybersecurity documentation, including security policies, remediation plans, plan of action and milestones (POAMs) and procedures.
Extensive experience in the development and delivery of security metrics (e.g., KRIs, KPIs) and associated vulnerability reporting (including visualizations and PowerPoint) KRIs and KPIs
Proven ability to collaborate with other IT professionals, including network engineers, desktop support, application owners, and system administrators, to integrate security controls and considerations into existing systems and processes.
Proven ability to communicate effectively across all levels of the organization, including the delivery and explanation of complex security-related concepts in clear, concise, and understandable terms.
Strong experience in the analysis of emerging attack trends (and corresponding mitigation techniques)
Strong understanding of cloud computing and the associated security controls in varied Cloud environments (i.e., IaaS, PaaS, SaaS, multi-cloud).
Strong understanding of software version control, technical debt, and their impact on vulnerability management
Strong understanding and application of NIST-based security frameworks
Experience in performing cyber risk assessments.
Preferred Skills:
Knowledge of foundational security controls (Example: CIS 20 security controls) and how they protect an enterprise environment.
Understanding of the OWASP top 10 vulnerabilities and other application security concepts (and suggested mitigations)
Strong knowledge of Excel, Word, and PowerPoint
Experience with data reporting and analysis tools (Examples: Tableau, PowerBI, etc.)
Experience with PowerShell and SQL query creation and modification
Salary Range: $142000 - $169500 / year
We believe in transparency at the NY Fed. This salary range reflects a variety of skills and experiences candidates may bring to the job. We pay individuals along this range based on their unique backgrounds. Whether you’re stretching into the job or are a more seasoned candidate, we aim to pay competitively for your contributions .
Our Touchstone Behaviors —Communicate Authentically, Collaborate Inclusively, Drive Progress, Develop Others, and Take Ownership—help shape the culture of the Bank. They also provide a shared language for how we work together and achieve success, and they set clear expectations for leading with impact at every stage of your career with us. Learn more. (https://www.newyorkfed.org/careers/touchstone-behaviors)
Benefits:
Our organization offers benefits that are the best fit for you at every stage of your career:
Fully paid Pension plan and 401k with Generous Match
Comprehensive Insurance Plans (Medical, Dental and Vision including Flexible Spending Accounts and HSA)
Subsidized Public Transportation Program
Tuition Assistance Program
Onsite Fitness & Wellness Center
And more
This position requires a National Security Clearance, access to which is limited to U.S. Citizens . _In addition, candidates must undergo an enhanced background check, comply with all applicable information handling rules, and will be tested for all controlled substances prohibited by federal law, to include marijuana, prior to hire and during employment. _
The New York Fed expects its employees to perform their duties with honesty, integrity, and impartiality, and without improper preferential treatment of any person. Learn more about our code of conduct and conflicts of interest rules. (https://www.newyorkfed.org/aboutthefed/ethics-conflicts-of-interest)
The Federal Reserve Bank of New York is committed to a diverse workforce and to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.
We value accessibility for all candidates and are happy to provide an accommodation or assistance. Please email us at ny.leaves@ny.frb.org and we’ll be glad to help.
This is not necessarily an exhaustive list of all responsibilities, duties , performance standards or requirements , efforts, skills or working conditions associated with the job. While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed when circumstances change.
Full Time / Part Time
Full time
Regular / Temporary
Regular
Job Exempt (Yes / No)
Yes
Job Category
Information Technology
Work Shift
First (United States of America)
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Privacy Notice (https://www.kansascityfed.org/documents/7797/Workday_Privacy_Notice.pdf)
OUR BANK has one of the most recognizable brands around the world. The Federal Reserve is the central bank of the United States—one of the world's most influential, trusted and prestigious financial organizations. The Federal Reserve is charged with the important mission of promoting a strong economy and a stable financial system and fulfills this responsibility by formulating national monetary policy, supervising and regulating banks and bank holding companies, and providing financial services for banks and the U.S. government.
OUR PEOPLE are diverse in background and ideas, which allows for ongoing creativity and innovation. Ultimately, they are the ones who push our high-performance, exchange-driven culture forward.
Why Our People Choose Us:
Our reputation precedes us
There will always be room for personal growth
Our people are first
You’ll find the right balance
Your responsibilities will be meaningful
We hope that you will be our future colleague.