
IT Security Engineer
San Francisco, CA


Job Description

Security Engineer/Sr. Security Engineer

The Information Security team of the Federal Reserve Bank of San Francisco is looking to add a Security Engineer who has huge enthusiasm for exploring new tools and techniques to augment our approach to security. If you have some coding ability (Python or Java, C# or other) and are eager to explore, experiment and learn from the best in the Info Sec space, this could be the job for you. Security is serious, but we like to have fun too - do you?

At the Fed, we have a global mission, and we offer leading edge work in a stable environment with competitive pay, superior benefits AND a true "work life balance" including telecommuting privileges. If you desire to be part of an exceptional team, and to develop your skills and experience beyond anything available in the commercial sector, the Federal Reserve is the place for you.

We are also an inclusive group. Are you a maker or a breaker? Do you like to build things, or take them apart? Introvert or extrovert? We don't care. As long as you are eager to learn, explore and contribute, you will find a home here with our team.

Essential responsibilities:

* As a Security Engineer, you will provide secure coding and design guidance to the Federal Reserve and its partners through a combination of static and dynamic (SAST & DAST) testing techniques.


* You will contribute your expertise creating software security controls.


* You will be responsible for helping to design, assess, and implement secure solutions while balancing user experience and cost considerations.


* You will demonstrate both your technical depth and soft skills to build ongoing collaborative relationships with all levels, including analysts, engineers, management, and executives, in this exciting role.


* You will be responsible for defining and overseeing secure development activities throughout the software development lifecycle, tailored for risk and application architecture, and will work closely with architecture, development, and information security teams across various development organizations.


* Review source code of Java, Python, and .NET applications for common security flaws.


* You will research technologies to reduce friction for application development and enhance security posture.


* You will communicate the impact of vulnerabilities and provide remediation guidance to the business and developers.


* Provide secure coding guidance including best practices and technical solutions



Requirements:

* Bachelor's degree in Information Technology/Computer Science, and/or equivalent work experience.


* At staff level, requires 2 years of software security experience or applicable activities in the SDLC as part of undergraduate or graduate work; at senior level, requires 5 years of professional software security experience or applicable activities in the SDLC.


* Exposure to or interest in testing web applications for common vulnerabilities including input validation, broken access controls, session management, cross-site scripting, SQL injection and web server configuration issues.


* Exposure to or interest in conducting static application security testing both manually and leveraging automation.


* Familiarity with commercial and/or open source application security testing tools.


* Familiarity with the OWASP Top 10.


* Exceptional analytical and critical thinking skills.


* Willing and able to travel up to 5%.



Preferred:

* Information Security consulting experience, providing subject-matter expertise on a range of information security topics
* Familiarity with one or more programming languages.
* Experience as a software developer.
* Experience training developers in secure coding techniques.
* Certifications such as: Certified Secure Software Lifecycle Professional (CSSLP), GSSP-Java, GSSP-.NET, GIAC Web Application Defender (GWEB), GIAC Web Application Penetration Tester (GWAPT)

At the Federal Reserve Bank of San Francisco we believe in the diversity of our people, ideas, and experiences and are committed to building an inclusive culture that is representative of the communities we serve. The Federal Reserve Bank of San Francisco is an Equal Opportunity Employer.
