Federal Reserve Financial Services SeniorEnterprise Security Architect (ATL, KC, CHI or NY)

Company

Key Activities:

We are looking for qualified experienced Information Security Architects that have deep expertise in one or more of the following areas:

• Infrastructure Security Architecture (e.g. network system/compute and middleware stacks) including designing and guiding the implementation of secure connectivity solutions between on-premises datacenters cloud environments and customer systems.

• IAM Architecture Security (e.g. MFA IdP Secrets Management Certificates OAuth/SAML) including designing and guiding the implementation of modern secure PKI infrastructures and certificate management systems.

• Application and API Security Architecture (e.g. threat modeling application code security supply chain security API authentication/authorization) including direct engagement with Solution Architecture / application development teams and deploying robust encryption strategies using modern techniques to protect sensitive financial data in transit and at-rest.

• Cloud and Container Security (preferred but not required) including infrastructure-as-code serverless container and securing hybrid cloud/on-premise solutions.

What you will be doing:

As a member of the FRFS Technology team you will be contributing to the vision strategy values and priorities that help the FRFS enterprise achieve its mission. You will be expected to think critically express curiosity and a desire to understand while having empathy for others positions. Security Architects exceed delivery expectations and foster a culture of excellence to develop and maintain secure infrastructure and services ensuring alignment with Federal Reserve Financial Services strategic objectives and compliance with industry regulations.

Security Requirements

• Maintains expert-level knowledge of emerging technology trends and utilizes this knowledge to design innovative solutions that support and drive business objectives and technology roadmaps.

• Maintains expert-level knowledge of the current industry threat landscape as well as threats applicable to specific FRFS products solutions or technologies.

• Leads establishment and maintenance of security controls and compliance measures ensuring alignment with industry regulations and organizational policies.

• Leads and/or participates in developing policies standards guidelines detailed implementation patterns and procedures to identify and reduce risk in partnership with application development and operational teams.

Product Consultation

• Provides expert-level leadership on assignments to develop target logical and technical security architectures for products and solutions.

• Applies comprehensive knowledge to review and align product choices to ensure that security architecture standards service quality security scalability and cost efficiency goals are met.

• Serves as primary lead on security architecture reviews of products and systems to evaluate and ensure that the architecture being applied meets policies principles standards and business/technology needs.

• Conducts security assessments of internal systems applications or third-party products as part of continuous monitoring and risk management processes.

• Evaluates current state architectures to identify security weaknesses and opportunities for improvements through threat modeling analysis control assessments and technical application assessments.

Community Building

• Serves as subject matter expert to collaborate with development operations and security teams to integrate security services into the application development and deployment processes. Directly influences security improvements across the entire technology stack.

• Fosters a culture of continuous improvement and collaboration among cross functional teams related to security solutions and best practices.

• Develops close relationships with key stakeholders and external partners to ensure contemporary thinking including the FRFS Technology Leadership Team FRFS Leadership Team and National IT stakeholders with particular emphasis on collaboration with the Office of the Chief Information Security Officer to ensure complementary actions and avoid duplicative services.

• Provides leadership guidance and mentoring others including creating and maintaining documentation guidelines and training materials for security solutions processes and best practices.

Innovation

• Takes a leading role in developing and maintaining security control solutions that meet the organizations requirements including provisioning configuration monitoring and management of on-premise and cloud resources.

• Develops differentiated security patterns based on business requirements and/or sensitivity of the assets being protected. E.g. critical payment systems vs. systems that host publicly available information.

• Represents cyber security in the development and implementation of the overall enterprise architecture. Acts as the ambassador and senior technical representative for security while engaging with other senior technical leaders.

What We Look For:

• Strong experience in designing and implementing secure connectivity solutions for hybrid environments. Working knowledge/experience deploying Zero Trust Architecture is a plus.

• Strong experience in secure identity federation and customer identity and access management (CIAM) solutions.

• Deep understanding of modern encryption techniques including symmetric and asymmetric encryption key management and hardware security modules (HSMs)

• Strong understanding of the SDLC and techniques used to address secure coding practices such as DAST SAST and Threat Modeling. Strong experience using and securing CI/CD pipelines

• Understanding of modern infrastructure practices such as Infrastructure as Code container based deployments Zero Trust Architecture and use of SaaS/PaaS services.

• Experience in designing and implementing security logging monitoring and incident response controls.

• Experience automating manual processes.

• Demonstrated ability to use quantitative evidence to justify a security design or risk management decision.

• Excellent written and verbal communication skills specifically having experience communicating to executive teams and business stakeholders.

• Understanding and working experience with risk management and control frameworks (NIST 800-53) and industry best practices.

Qualifications:

• Bachelors Degree in related field or equivalent combination of education and experience preferred. 7 years of expert-level experience as a Security Architect or equivalent.

• Requires at least 15 years experience and Masters Degree in related field or equivalent combination of education and experience preferred for Sr. Architect level.

• Expert-level positions may require 12 years of experience and demonstrated leadership in information security architecture.

• Bachelors degree specializing in an information technology field from an accredited college or university or equivalent combination of directly related education and/or work experience. Masters degree specializing in an information technology field from an accredited college or university or equivalent combination of directly related education and/or work experience preferred.

• Certified Information Systems Security Professional (CISSP) certification or other IS industry certification required. Senior understanding of subject matter. Has in-depth and breadth of knowledge in discipline. Performs work independently with limited supervision and direction.

Full Time / Part Time

Regular / Temporary

Job Exempt (Yes / No)

Job Category

Work Shift

The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Always verify and apply to jobs on Federal Reserve System Careers ( or through verified Federal Reserve Bank social media channels.

Privacy Notice