T2C System Security Analyst Or Sr. Systems Security Analyst

Federal Reserve Bank Cleveland , OH 44114

Posted 2 months ago

System Security Analyst and Sr. System Security Analyst

Here at the Cleveland Fed, we're excited to play a major role in the transformation of the U.S. government's largest digital tax collections system.

Led by both customer- and data-driven insights, we are committed to developing and implementing a new service with the best, most innovative technologies available today.

Are you up for the challenge?

We give you the opportunity to boost your career and join a talented team committed to excellence, agile principles, and our customers.

You bring to us experience, positivity, and a willingness to collaborate on a system that will give taxpayers an improved, user-friendly experience.

To be considered for this role, candidates must be a U.S. citizen.

Position Summary

  • System Security Analyst

The System Security Analyst position protects computer assets by establishing and enforcing system access controls; defining system security requirements, defining and implementing testing or scanning processes for security vulnerabilities, maintaining disaster preparedness, and raising security awareness.

Essential Accountabilities

  • System Security Analyst
  • Identify security related issues and define security requirements during all phases of the application development lifecycle.

  • Review program/development documents to ensure adherence to secure coding standards, guidelines and security requirements.

  • Draft security related test cases.

  • Conduct application security software testing efforts with other testing stakeholders

  • Attend security relevant meetings throughout the application development lifecycle

  • Draft procedures and processes to support security related activities.

  • Monitor for atypical usage of information system accounts and other abnormalities to identify possible breaches.

  • Assist with FISMA initiatives, e.g., updating security plans, to support ISSO responsibilities.

  • Provide information security awareness guidelines to the department staff.

  • Provide local Security contact support for provisioning.

  • Interface and consult with development staff regarding security within the application and secure coding practices.

  • Perform vulnerability scans for the eGov applications and assess the results.

  • Perform Risk Analysis related to new development activities or security vulnerabilities and the impact to the security posture of the applications.

  • Perform Pen Testing activities to ensure web vulnerabilities are not present within the eGov applications.

  • Deliver conclusions and security recommendations to eGov management, Fiscal Service and Treasury Web Application Infrastructure staff.

  • Ensure compliance issues surrounding activities within eGov, such as PCI compliance and Fiscal Service baseline security requirements, are addressed.

  • Participate in tabletop activities related to Contingency or Incident Response for both local activities and for the eGov applications

  • Performs other duties as assigned or requested.

  • Adheres to the Bank`s attendance policies through regular and prompt attendance.

Position Summary

  • Senior System Security Analyst

The Senior System Security Analyst position provides leadership for protecting computer assets by establishing and enforcing system access controls; defining system security requirements, recommending improvements to system security frameworks, ensuring authorized access to computer systems through monitoring, overseeing testing or scanning for security vulnerabilities, maintaining disaster preparedness, and raising security awareness.

This role primarily supports the Transforming Tax Collection program. This individual will be instrumental in developing and implementing a full top to bottom security strategy.

Essential Accountabilities

  • Senior System Security Analyst
  • As needed, lead the Identification of security related issues and definition of security requirements during all phases of the application development lifecycle.

  • Review program/development documents to ensure adherence to secure coding standards, guidelines and security requirements.

  • Draft, review, and approve security related test cases.

  • Coordinate or lead application security software testing efforts with other testing stakeholders.

  • Conduct application security related testing.

  • Attend security relevant meetings throughout the application development lifecycle.

  • Draft procedures and processes to support security related activities.

  • Guide monitoring for atypical usage of information system accounts and other abnormalities to identify possible breaches.

  • Lead FISMA initiatives, i.e. development or updating of security plans, to support the ISSO responsibilities.

  • Provide information security awareness guidelines to the department staff.

  • Provide technical security consultation services relating to development practices, procedures, and coding as well as train developers on secure coding practices.

  • Perform exemplary penetration testing activities to ensure web vulnerabilities are not present within the web applications.

  • Perform risk analysis related to new development activities or security vulnerabilities and the impact to the security posture of the applications.

  • Deliver conclusions and security recommendations to management.

  • Ensure compliance issues surrounding activities within eGov, such as PCI compliance and Fiscal Service baseline security requirements, are addressed.

  • Participate in tabletop activities related to Contingency or Incident Response for both local activities and for the eGov applications

  • Perform research on new technologies and vulnerabilities in order to keep abreast of solutions and emerging issues that could affect the security of the eGov applications.

  • Collaborate with other Federal Reserve Banks, Fiscal Service, vendors and payment providers on security issues as well as best practices.

  • Mentor security associates and analysts on security related concepts to ensure eGov security staff is knowledgeable on any security issue that could impact the eGov applications.

  • Collaborate with the infrastructure staff that supports the eGov applications to ensure compliance and security of eGov applications.

  • Performs other duties as assigned or requested.

  • Adheres to the Bank`s attendance policies through regular and prompt attendance.

Education and Experience

  • Bachelor`s Degree

  • Systems Security Analyst: 3 years of related work experience

  • Sr. Systems Security Analyst: 5 years of related work experience

  • Certified Information Systems Security Professional (CISSP) Certification preferred

Knowledge and Skills

  • Ability to analyze highly complex business requirements.

  • Excellent time management skills, and the ability to prioritize and multi-task.

  • Thorough understanding of industry based security controls relating to applications, services, and systems

  • Thorough understanding of security controls relating to access control, authentication, and auditing.

  • Demonstrated knowledge and understanding of information security industry trends and emerging technologies, especially relating to application security vulnerabilities.

  • Proficient at testing web application for security vulnerabilities, such as those listed in the OWASP Top 10 and familiar with the tools used for testing.

Physical Demands and General Working Conditions

  • Employees typically sit most of the day, work with a computer and may answer/respond to phone calls. Physical movement consists of walking for meetings, breaks, etc. Ability to lift items weighing approximately 20 pounds on a limited basis is required. Employees may be required to travel by car/air.

The Federal Reserve Bank of Cleveland is an Equal Opportunity Employer. We are dedicated to sustaining an environment in which diversity is valued and differences are strengths. It is the Bank's policy to provide equal employment opportunity for all employees and applicants without regard to race, color, religion, sex, national origin, age, disability, gender identity or expression, genetic information or sexual orientation.

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Cyber Security Analyst

Eaton Corporation

Posted 2 weeks ago

VIEW JOBS 11/7/2020 12:00:00 AM 2021-02-05T00:00 Join Eaton's Information Technology team and help positively impact our business through leading technologies, exciting and challenging enterprise projects and new platforms. We are currently seeking Senior Cyber Security Analyst to join our Architecture, Governance & Security Center of Excellence (AGSCoE) team. No relocation is being offered for this position. The candidate will be based at any Eaton facility in the US. If the candidate resides within 50 miles of Beachwood, Ohio, the candidate must work at that site. If the candidate resides more than 50 miles away from Beachwood, Ohio, the candidate will work from a remote Eaton facility or an approved home office. This position will be responsible to design, develop and support cyber security endpoint and vulnerability management solutions to meet requirements through standard IT processes. Technologies include Endpoint Detection and Response (EDR), endpoint vulnerability scanning, Security Incident and Event Management (SIEM) and antivirus. Making what matters work at Eaton takes the passion of every employee around the world. We create an environment where creativity, invention and discovery become reality, each and every day. It's where bold, bright professionals like you can reach your full potential-and where you can help us reach ours. In this role, you will: * Provide subject matter expertise to and lead enterprise security system design, development, and implementation * Work with resources across functions to deliver enterprise security solutions to meet customer requirements, providing solution options and highlighting operational or security risks * Tune and configure enterprise security technologies and platforms to meet customer and operational requirements * Coordinate and regularly update enterprise security technology, platform, and documentation to ensure operational health and security * Monitor enterprise security technology and platform to ensure required performance, availability, and capacity. Identify gaps in monitoring and potential impact on service delivery. * Continuously seek to more efficiently manage and utilize enterprise security technology and platforms * Follow industry, organization, and ITIL best practices to maximize quality and efficiency When we embrace the different ideas, perspectives and backgrounds that make each of us unique, we - as individuals and as a company - are stronger. We are committed to ensuring equal employment opportunities for all job applicants and employees. Employment decisions are based upon job-related reasons regardless of an applicant's race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, marital status, genetic information, protected veteran status, or any other status protected by law. Qualifications Basic Qualifications: * Bachelor's Degree from an accredited institution is required. * Minimum of 5 years of experience in information technology is required. * Must be able to work in the United States without corporate sponsorship now or in the future. * This position requires use of information or access to hardware which is subject to the International Traffic in Arms Regulations (ITAR). All applicants must be U.S. persons within the meaning of ITAR. ITAR defines a U.S. person as a U.S. Citizen, U.S. Permanent Resident (i.e. 'Green Card Holder'), Political Asylee, or Refugee. Preferred Qualifications: * Bachelor's Degree in a technical discipline or cyber security. * 3+ years of cyber security experience. * Strong analytical and problem solving skills. We make what matters work. Everywhere you look-from the technology and machinery that surrounds us, to the critical services and infrastructure that we depend on every day-you'll find one thing in common. It all relies on power. That's why Eaton is dedicated to improving people's lives and the environment with power management technologies that are more reliable, efficient, safe and sustainable. Because this is what matters. We are confident we can deliver on this promise because of the attributes that our employees embody. We're ethical, passionate, accountable, efficient, transparent and we're committed to learning. These values enable us to tackle some of the toughest challenges on the planet, never losing sight of what matters. Job: Information Technology Region: North America - US/Puerto Rico Organization: Corporate Sector Job Level: Individual Contributor Schedule: Full-time Is remote work (i.e. working from home or another Eaton facility) allowed for this position?: Yes Does this position offer relocation?: No Travel: Yes, 10 % of the Time Eaton Corporation Cleveland OH

T2C System Security Analyst Or Sr. Systems Security Analyst

Federal Reserve Bank