Students! Find the fintech job of your dreams here.

Georgia Fintech Academy
Georgia Fintech Academy
28
companies
2,213
Jobs

Cyber Defense Specialist

Federal Reserve Bank of Atlanta

Federal Reserve Bank of Atlanta

New York, NY, USA
Posted on Friday, October 27, 2023

Company

Federal Reserve Bank of New YorkWorking at the Federal Reserve Bank of New York positions you at the center of the financial world with a unique perspective on national and international markets and economies. You will work in an environment with a diverse group of experienced professionals to foster and support the safety, soundness, and vitality of our economic and financial systems.

The Bank believes in work flexibility to balance the demands of work and life while also connecting and collaborating with our colleagues in person. Employees can expect to be in the office a couple of days per week as needed for meetings and team collaboration and should live within a commutable distance.

What we do:

Information Security New York (ISNY) is responsible for developing, executing, and maintaining a superior information security program that promotes resiliency by identifying and mitigating cyber risks and threats through risk-based consultation, advice, and direction for controls, designs, and investments for the entire Bank.


Your Role as a Cyber Defense Specialist:

ISNY is seeking an experienced and passionate cybersecurity professional who will drive our existing endpoint vulnerability management (VM) program. Endpoints are the most common vector of exploitation, so it is critical that these are always secure. The successful candidate will have the opportunity not only to improve the posture of the Federal Reserve Bank of New York, but also to build, nurture, and strengthen our partnerships within the Federal Reserve System. You will do the following:

  • Manage vulnerability risk for the largest district in the Central Bank of the United States
  • Analyze software vulnerabilities identified on FRBNY endpoints (and other device types)
  • Analyze existing security control endpoints to strengthen the controls that could make vulnerability exploitation more likely – such as email-based controls, Data Loss Protection, software currency, technical debt, etc.
  • Platform configuration hardening
  • Develop, improve, and communicate a compelling strategy and roadmap for endpoint vulnerability management.
  • Build relationships with remediation teams, technical support, and business areas.
  • Proactively identify business projects that could impact our endpoint vulnerability processes, tooling, or cyber risk posture writ large
  • Identify and eliminate root causes of vulnerabilities or impediments to their remediation in our environment.
  • Measuring, reporting, and presenting on our team’s performance against objectives, policy compliance targets, and programmatic goals (e.g., SLAs, KPIs, KRIs, OKRs)

What we are looking for:

Required Skills:

  • A risk-based mindset from an individual who is inquisitive, data-driven, and not afraid to challenge the status quo.
  • A highly driven self-starter who is comfortable communicating cyber concepts and risk management to all levels of personnel
  • Extensive experience in information system vulnerability management (with an emphasis on endpoint devices, but also including experience w/ server, virtual, and cloud-native information systems)
  • Extensive experience in reviewing, analyzing, and creating cybersecurity documentation, including security policies, remediation plans, plan of action and milestones (POAMs) and procedures.
  • Extensive experience in the development and delivery of security metrics (e.g., KRIs, KPIs) and associated vulnerability reporting (including visualizations and PowerPoint) KRIs and KPIs
  • Proven ability to collaborate with other IT professionals, including network engineers, desktop support, application owners, and system administrators, to integrate security controls and considerations into existing systems and processes.
  • Proven ability to communicate effectively across all levels of the organization, including the delivery and explanation of complex security-related concepts in clear, concise, and understandable terms.
  • Strong experience in the analysis of emerging attack trends (and corresponding mitigation techniques)
  • Strong understanding of cloud computing and the associated security controls in varied Cloud environments (i.e., IaaS, PaaS, SaaS, multi-cloud).
  • Strong understanding of software version control, technical debt, and their impact on vulnerability management
  • Strong understanding and application of NIST-based security frameworks
  • Experience in performing cyber risk assessments.
  • Bachelor's degree required in business, technology, information security or related fields or equivalent work experience.

Preferred Skills:

  • Knowledge of foundational security controls (Example: CIS 20 security controls) and how they protect an enterprise environment.
  • Understanding of the OWASP top 10 vulnerabilities and other application security concepts (and suggested mitigations)
  • Strong knowledge of Excel, Word, and PowerPoint
  • Experience with data reporting and analysis tools (Examples: Tableau, PowerBI, etc.)
  • Experience with PowerShell and SQL query creation and modification

Salary Range: $142000 - $169500 / year

We believe in transparency at the NY Fed. This salary range reflects a variety of skills and experiences candidates may bring to the job. We pay individuals along this range based on their unique backgrounds. Whether you’re stretching into the job or are a more seasoned candidate, we aim to pay competitively for your contributions.

Our Touchstone Behaviors—Communicate Authentically, Collaborate Inclusively, Drive Progress, Develop Others, and Take Ownership—help shape the culture of the Bank. They also provide a shared language for how we work together and achieve success, and they set clear expectations for leading with impact at every stage of your career with us. Learn more.

Benefits:

Our organization offers benefits that are the best fit for you at every stage of your career:

  • Fully paid Pension plan and 401k with Generous Match

  • Comprehensive Insurance Plans (Medical, Dental and Vision including Flexible Spending Accounts and HSA)

  • Subsidized Public Transportation Program

  • Tuition Assistance Program

  • Onsite Fitness & Wellness Center

  • And more

The New York Fed expects its employees to perform their duties with honesty, integrity, and impartiality, and without improper preferential treatment of any person. Learn more about our code of conduct and conflicts of interest rules.

The Federal Reserve Bank of New York is committed to a diverse workforce and to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.

This is not necessarily an exhaustive list of all responsibilities, duties, performance standards or requirements, efforts, skills or working conditions associated with the job. While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed when circumstances change.

This position requires possession of or the ability to obtain and maintain national security clearance, which requires U.S. citizenship.

    Full Time / Part Time

    Full time

    Regular / Temporary

    Regular

    Job Exempt (Yes / No)

    Yes

    Job Category

    Information Technology

    Work Shift

    First (United States of America)

    The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

    Privacy Notice