Federal Reserve Bank Minneapolis , MN 55415
The Federal Reserve Bank of Minneapolis is looking for an experienced and enthusiastic Information Security Engineer to become a team member of the dynamic and customer oriented Information Security (IS) section of the Information Technology (IT) department. The Information Security position will be an information security expert within the organization, helping ensure compliance with all security policies and standards, as well as with industry regulations and laws. This position will be involved in day-to-day security operations by responding to security events and managing security tools, recommending corrective action by working with customers, and providing security consulting and project support.
Collaborates with the business area customers in the design process to translate security and business requirements into technical designs, and configure and validate the security of information systems. Develops and provides recommendations for information security solutions.
Conducts research and analysis on security topics and produces written reports for management.
Monitors, maintains, and analyzes network and computer activity to protect the organization and ensure the integrity of its information systems and data.
Provides customer service and technical support to local and national business areas in response to service requests and to troubleshoot and resolve information security related issues.
Responds to and manages disruptive and destructive information security incidents within the Bank.
Conducts vulnerability testing activities, monitors the follow up and resolution activity of identified issues.
Participates in and/or leads a variety of Bank projects and/or parts of larger more complex Bank and System projects and provides information security consulting.
Creates and maintains written documentation for processes and procedures within the information security section.
May identify and/or lead process improvements and make recommendations.
Evaluates compliance with the System's information security frameworks such as NIST and COBIT. Monitors and verifies IT compliance with applicable new and existing policies, procedures and standards.
Provides 24 X 7 on-call support on a rotating basis.
Bachelor's degree or equivalent combination of education and experience; coursework in Computer Science or Computer Engineering is preferred.
Minimum of six years of experience monitoring, administering, evaluating, and maintaining automated security systems designed to protect assets across multiple computing systems. (Eight years of experience required for level III; Ten years of experience for level IV.)
Demonstrated experience collaborating with business areas in the design process to translate security and business requirements into technical designs; configuring and validating the security of systems; or developing and providing recommendations for information security solutions.
Proven strong problem-solving, troubleshooting, and analytical skills.
Proven strong oral, written and interpersonal communication skills; able to communicate technical issues both orally and in writing.
Demonstrated experience with information security concepts, practices, and technologies, such as: information security controls and policies, risk assessment, data classification, network security, intrusion detection, incident response, computer forensics, application security testing, and public key infrastructure.
Established Working knowledge of current technologies.
Familiarity with the ITIL Security Management framework and multiple technology products such as, but not limited to Symantec Endpoint Protection; Data collection tools such as Encase or Access Data, Active Directory; Microsoft Windows; Unix; Linux; Storage Area Networks (SAN); BMC Remedy; security information and event management (SIEM) software products; scripting; Intrusion Detection Systems; Vulnerability Management Systems such as the Open Web Application Security Project (OWASP); application security testing; endpoint management solutions.
CISM, CISSP, or GIAC certification.