Posted in Information Technology about 5 hours ago.
Type: Full-Time
Information Security at the FRBSF has a position for a Senior or Lead Information Security Architect who will join us in evolving application security and fostering collaboration with development teams. This role offers the opportunity to use your technical skills, and security understanding, to review and design solutions that assist our development teams in implementing DevSecOps and creating secure and resilient applications and environments. This role requires strong analytical, communication, problem solving, engineering, design and interpersonal skills. In this role you will work closely with other members of the Information Security team, our application development groups, and other groups across the Federal Reserve System (FRS), helping to build strong relationships across functions and create solutions that provide effective, seamless security to protect our custom developed products.
Essential Responsibilities:
Evolve and mature our models, templates, standards and procedures related to secure application development and secure application and cloud architecture. Ensure these artifacts are in alignment with FRS policy and standards.
Consult with our development teams to help them align with FRS policy and standards and meet the risk appetite of the customer.
Work with members of application development teams to review and create secure application and infrastructure designs and patterns.
Assist development teams by reviewing threat models related to applications and related systems. Analyze potential business impact and exposure leading to risk, based on emerging security threats, vulnerabilities, configurations, threat actor TTPs, etc.
Evaluate CICD pipeline design, and related development team processes and help to mature and secure creation, management and utilization of pipelines.
Assist in identification and integration of security focused tooling into development and operations processes.
Support secure application architecture within the Federal Reserve System by fostering constructive dialogue and seeking resolution when confronted with discordant views.
Mentor more junior security, application development and application architecture members, and be a security thought leader for the organization.
Solicit feedback and continuously improve your knowledge, skills and capabilities related to the position.
Assist with recruiting activities and administrative work.
Minimum Qualifications:
Bachelor's degree in computer science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis or an equivalent work experience with 7+ years of application design, development and security; an additional 4 years of experience may be substituted for a degree
Exposure to multiple diverse technologies, including those used in commercial cloud environments, and applications utilizing languages such as: C#, C++, Java, Python, Go, Rust, PowerShell, Node.js, React, Electron and Bash Minimum of 5 years of experience in defensive security, 8 or more years in IT
Knowledge of a wide variety of information security architectures, concepts and techniques, as well as supporting security tools
Knowledge of common web application vulnerabilities and attacker TTPs and security platform tools (Firewall, EDR, SIEM, SAST, IAST, SCA, Secrets Detection, etc.)
Experience with CICD platforms, Git and GitFlow
SANS GSEC or equivalent technical or architectural security focused certification
Must be a U.S. Citizen or a Green Card holder with the intent to become a U.S. Citizen
Preferred Qualifications
Experience with threat modeling and security review processes
Experience with securing applications deployed within AWS or Azure
Familiarity with OWASP projects and NIST and CISA standards and guidance
Familiarity with security architecture questions related to the use of machine learning and artificial intelligence.
Leadership experience in multiple, large, cross-functional teams or projects. Ability to communicate clearly and influence outcomes
Experience with pattern-oriented design and architecture of high-volume transactional systems
Ability and desire to engage in continuous learning and upskilling
SANS GWEB, GWAPT, or other similar secure development, cloud security or application security certification
Base Salary Range for Lead Info Security Architect: Min: $155,700 - Mid: $202,200 - Max: $248,700 (Location: San Francisco)
Final salary and offer will be determined by the applicant’s background, experience, skills, internal equity, and alignment with market data.
We offer a wonderful benefits package including Medical, Dental, Vision, Pre-tax Flexible Spending Account, Backup Child Care Program, Pre-Tax Day Care Flexible Spending Account, Paid Family Care Leave, Vacation Days, Sick Days, Paid Holidays, Pet Insurance, Matching 401(k), and Retirement/Pension.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. The SF Fed is an Equal Opportunity Employer.
#LI-Hybrid
The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.
Gap Inc. |
Gap Inc. |
Gap Inc. |