Cyber Security Engineer Principal

This positionis responsible forhelping to ensure the security and integrity of theFedNoworganization across people operations and technology. This individual will directly support securityengineeringand operations. The individual will also be expected to provide cybersecurityexpertiseboth through consultation and hands-on technical activities.

Desired Qualifications

• Programming Languages relevant to web and API development such as Python JavaGO is

• Experience security testing cloud workloads.

• Strong understanding of web serviceprotocolsREST principles and client-server architecture is necessary

• Strong understanding of APIdefense strategies and ability to implement

• Foundationalunderstanding of logging andmonitoring tools to detect anomalies and respond to incidents in real-time

• Strong attention to detail and creative problem-solvingare essential for navigating complex security challenges

• Abilityto effectively communicaterisks and solutions to both technical and non-technical stakeholders

• Collaboratingeffectivelywithin a teamincludingdevelopers platform architects and project managers in a multi-district environment

What will be expected of you

• Develop code to automate securityframeworksinto functional secure infrastructure and deploysecuritytoolingusing automationas a foundation.

• Design and execute point-in-time security tests automated or manually against cloud workloads.

• DevSecOpsintegration enable automate static and dynamic API security checks using CI/CD tools. Enforce governance gates during key lifecycle phases (eg.DesignValidate Publish)

• Partner with application security and platform teams to embed security into API design development and deployment.

• Contribute to security architecture reviews threat modelingand technical design discussions

• Define configure and enforce API gateway policies for authentication authorization encryption and traffic-management controls

• Monitor traffic and collaborate withsecurityand engineering teams on incident response and remediation

• Represent a technologists point of view in selecting tooling and solutions.

• Proven ability to collaborate build relationships and influence direct& in-directteam members in a matrix-management environment.

• Present and debrief cybersecurity findings risk posture and control effectiveness to leadership and management audiences translating technical security data into clear actionable insights to support informed decision-making.Activelyseekto remove barriers and improve security across the program.

• Documenttechnicalsolutions developed andthesupporting processes.

• Identifyand address the root causes of issues focusing on solving problem categories rather than individual instances. Engage early and comprehensively.

Expertiseyou would bring

• 5years of experience in an object-oriented language (Python Java or Go preferably)

• Experience working in aDevSecOpssoftware development environment

• 5 years of experience in Cyber Security with a focus on API gateway engineering

• 5years of Cloud Native experience (AWS preferred)

• Strong understanding of API Security OWASP API Top 10 secure API design principles

• Exposure to API gateway security tools (runtime protection discovery orposture mgmt.)

• Proficiencyin working with Infrastructure as Code (i.eTerraformPulumi)

• Proven experience building and securing CI/CD pipelines(GitHub GitLab CI Jenkins etc.)

• Proficiencywith container technologies (Docker Kubernetes) and their security implications

• Expertisewith Cloud IAMconfiguration/policiescontainerorchestration/testing

• Lead and execute cyber incident response activities including detection analysis containment eradication and recoverywith a focus on senior-levelresponsibilities.

• Strong communicationskills with ability to influence at all levels of the organization; ability to simplify complex security topics for consumption and critical decision making

Logistics and Requirements

• The ability to obtainsecurityclearance

• Be able to support on-call andwork-rotation activities

• Relevant certifications (e.g. CISSP CISM GIAC AWS AZURE).

• Federal Reserve System candidates will remain employed at current Federal Reserve Bank but report into theFedNowteam via cross-district arrangement.