Federal Reserve Bank of Boston

Primary Location

 MA-Boston

Full-time / Part-time

 Full-time

Employee Status

 Regular

Overtime Status

 Exempt

Job Type

 Experienced

Travel

 Yes, 5 % of the Time

Shift

 Day Job

Job Sensitivity Tier II CC@Hire/No CC@Rescreen

FedNow
The Federal Reserve is developing a new interbank 24x7x365 real-time gross settlement (RTGS) service with integrated clearing functionality, called the FedNow service. This service will help enable financial institutions provide their customers with the ability to send and receive payments any time, any day, and have full access to those funds within seconds.  This position is a unique opportunity to be part of a new mission-critical Federal Reserve initiative that will be transformative to the payments landscape in the United States.

Position Contributions-

This position is responsible for helping to ensure the security and integrity of the FedNow organization across people, operations, and technology. This individual is expected to build and implement an agile threat emulation strategy to influence application development and implementation decisions. The individual is also expected to provide cybersecurity expertise both through consultation and hands-on technical activities.

What will be expected of you-
•Develop and implement an agile threat emulation strategy – vulnerability and penetration testing – to inform analysis, design, and development decisions on the FedNow application.
•Support cross-functional operations model by providing accurate and relevant report of security incident activities and observations.
•Build, test, and deploy cybersecurity relevant technical solutions.
•Develop and implement cybersecurity specific countermeasures and risk mitigation strategies for systems and applications.
•Support and implement incident response plans and capabilities; partner with stakeholders like the National Incident Response Team (NIRT) to align monitoring and response activities.
•Leads security investigations through data analysis and information gathering.
•Performs pro-active hunting for malicious activity impacting FedNow holistically.
•Assess threat landscape and recommend changes to policies and configurations.
•Perform technical and nontechnical risk and vulnerability assessments across people, operations, and technology.
•Provide security operational support for DevOps tools and processes.

Expertise you would bring-
•Knowledge and experience normally acquired through, or equivalent to, the completion of a bachelors degree and a minimum of 4-6 years of job-related experience.
•Proven ability to collaborate, build relationships and influence individuals at all levels in a matrix-management environment​.
•Ability to work with CI/CD pipelines like Gitlab or Jenkins.
•Ability to review or build code written in Java, Python, JavaScript, or Go.
•Skill or interest in penetration testing, vulnerability scanning, and mimicking threat behaviors.
•Strong security platform and technology capabilities; SIEM utilization skills with the ability to review and analyze security events from various monitoring and logging sources to identify and/or confirm suspicious activity.
•Strong knowledge of, and experience with, cloud computing technology.
•Strong knowledge of, and experience with, TCP/IP protocol and network/packet analysis.
•Working knowledge of current security threats, techniques, and landscape, as well as a dedicated and self-driven desire to research current information security landscape.
•Strong conceptual and practical understanding of IT Infrastructure designs, technologies, products, and services. This should include knowledge of networking protocols, firewall functionality, host and network intrusion detection systems, operating systems, databases, encryption and other technologies.
•Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., Cybersecurity Framework, NIST SP 800-53)
•Working knowledge of Microsoft Office products, including Visio and Project.

Logistics and Requirements-
•The ability to obtain a security clearance.
•Offensive Security Certified Professional (OSCP) or ability to actively work towards obtaining certification.
•Federal Reserve System candidates will remain employed at current Federal Reserve Bank, but report into the FedNow team via cross-district arrangement

The Federal Reserve System is committed to a diverse and inclusive workplace and to provide equal employment opportunities to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service. 

All employees assigned to this position will be subject to FBI fingerprint/ criminal background and Patriot Act/ Office of Foreign Assets Control (OFAC) watch list checks at least once every five years.

The above statements are intended to describe the general nature and level of work required of this position. They are not intended to be an exhaustive list of all duties, responsibilities or skills associated with this position or the personnel so classified. While this job description is intended to be an accurate reflection of this position, management reserves the right to revise this or any job description at its discretion at any time. 

For this job, any offer of employment is contingent upon successfully passing a two-phase security screening. The first phase consists of the satisfactory completion of a physical examination (including a drug screening), reference checks, and a security investigation consisting of credit and criminal history checks.   

The second phase, which might not be complete until after you begin working at the Reserve Bank, is an additional risk-based security screening determined by the risk rating of the position.  Depending upon the sensitivity of the position, this phase may include, and is not limited to, work and residency eligibility verification, and personal interviews with the candidate, references, and prior employers.