Federal Reserve Bank Senior Information Security Software Engineer in St. Louis, Missouri
The St Louis Fed is one of 12 Reserve Banks serving all or parts of Missouri, Illinois, Indiana, Kentucky, Tennessee, Mississippi and Arkansas. The St. Louis Fed’s responsibilities include promoting stable prices, economic growth and a sound financial system, providing payment services to financial institutions, supporting the U.S. Treasury's financial operations, and advancing economic education, community development and fair access to credit.
The Federal Reserve Bank of St. Louis is looking for aSenior Application Security Engineerwho will use technical and information security knowledge to Identify, Protect and Respond to security threats across a diverse portfolio of technologies. As our Senior Application Security Engineer, you will report to the Information Security Manager and provide an important role in securing applications and cloud environments for the Federal Reserve Bank. The Senior Application Security Engineer will grow the application security program by providing the knowledge and technical leadership necessary to strengthen security controls within the architecture and agile software development lifecycle, ranging from risk identification to driving risk-based solutions and mitigations, with a high focus on innovation and automation.
- Lead discussions and projects with technical personnel and business partners to strengthen controls around agile development processes, secure coding practices, and secure cloud design.
- Manage security testing efforts by working with the engineering team to assess and prioritize discovered security issues and vulnerabilities.
- Lead the identification, response, investigation, and communication of security issues and promote remediation efforts with development teams and partners.
- Assist application teams with developing remediation strategies to prevent future security issues.
- Partner with application teams and cloud engineers to build security automation testing tools into the CI/CD Pipeline.
- Work with teams to embed security logging and monitoring across the corporate and cloud environments.
- Manage application security tools including: static, dynamic, and interactive security analysis solutions, CI/CD pipeline automated security tools, web application firewalls, container security tools, and develop related documentation.
- Assist the Incident Response Team with web application and cloud related security incidents.
- Collaborate across multiple development teams and business partners to drive cyber security initiatives throughout the organization.
- Perform assessments of security tools, vendors and solutions to support information security roadmaps.
- Bachelor of Computer Information Systems, Business Administration or technology-related field, Information or Application Security or commensurate experience
- 5 years of experience in Information Security, Software Development, or Cloud and a combination of the following: o At least one security related certification, such as CISSP, GIAC, CEH or OSCP. o Knowledge of Software Security and understanding of Secure Agile Development Processes o Knowledge of ethical hacking penetration testing techniques. o Experience with application security testing tools. o Experience investigating security issues related to web application exploits. o Knowledge of cloud security architectures and services. o Experience with containerization methods and technologies. o Knowledge of technical security control environments and compliance frameworks such as NIST. o Experience managing priorities & deadlines and to work independently in a dynamic and diverse environment with multiple concurrent projects happening simultaneously. o Programming knowledge in .Net or Java. o Experience automating process using PowerShell or Python. o Familiarity with the OWASP Top 10
- Candidates with less experience may be considered at a lower job grade or salary
- Travel (10%)
- US Citizen
Our organization offersbenefitsthat are the best fit for you at every stage of your career:
- Pension plan, 401K, Comprehensive Insurance Plans, Tuition Reimbursement Program, Onsite Wellness & Fitness Center, Backup Dependent Care (Child & Adult),and more
Ranked as the #2 Top Workplace in the St. Louis Region in 2020, the Federal Reserve Bank of St Louis is committed to building an inclusive workplace, where employees’ diversity—in age, gender, race and ethnicity, sexual orientation, gender identity or expression, disability, and cultural traditions, religion, life experiences, education and socioeconomic backgrounds—are recognized as a strength. Embracing our diversity encourages employees to bring their valued perspectives to the table when generating ideas and solving problems and promotes an environment where innovation and excellence grow. Learn moreaboutthe Bank and its culture; check out ourCareers Site.
The Federal Reserve Bank of St Louis is an Equal Opportunity Employer.
Organization: *Federal Reserve Bank of St. Louis
Title: Senior Information Security Software Engineer
Location: MO-St. Louis
Requisition ID: 267544