Federal Reserve Bank FedNow Security Engineer in Boston, Massachusetts
FedNow Security Engineer
The Federal Reserve is developing a new interbank 24x7x365 real-time gross settlement (RTGS) service with integrated clearing functionality, called the FedNow service. This service will help enable financial institutions to provide their customers with the ability to send and receive payments any time, any day, and have full access to those funds within seconds. This position is a unique opportunity to be part of a new mission-critical Federal Reserve initiative that will be transformative to the payments landscape in the United States.
This position is responsible for helping to ensure the security and integrity of the FedNow cloud-native, cloud-first application. FedNow is built on a cloud-native, immutable infrastructure, which changes the security game. The benefits of immutable infrastructure combined with cloud-native technology are faster and more deterministic incident resolution as well as whitelisting. You will be an essential part of our application security team and contribute to this groundbreaking project.
What we will expect of you
Assist engineering teams with the configuration, tuning and operation of SAST and DAST tools, and their integration into the development process.
Help to validate and interpret SAST, DAST, bug bounty program and penetration test findings, demonstrate identified vulnerabilities, assess risks, evaluate possible fixes, and verify successful remediation.
Perform security reviews of product designs and technical designs
Measure and grow security maturity across the business
Assist in the triage of security issues and provide recommended fixes
Work across teams to facilitate independent security assessments and penetration tests
Evaluate new tools, processes, and frameworks; drive adoption of the best ones
Maintain a high-level view of security posture and gaps, with a focus on driving down risk in critical areas.
What you will bring to the project
Software engineering or cloud engineering background in a cloud-native environment. (You will need to be comfortable reviewing and discussing code with a diverse set of engineers.)
Familiarity with cloud security, particularly AWS and Azure Security concepts.
Experience with security activities throughout the software development lifecycle: design reviews, threat modeling, code reviews, tooling, penetration testing, and incident response.
Ability to act as the Security Partner for one or more Engineering scrum teams to facilitate these practices.
Exceptionally clear communication skills: you'll need to communicate effectively and build relationships with all levels and roles at FedNow.
Previous experience with immutable infrastructure, application security, containers,
Experience working in a fast-growth, highly flexible environment.
Ability to work with SELinux
Ability to work with Terraform, Ansible, and Packer
Ability to work with CI/CD pipelines like GitLab or Jenkins.
Required Experience
An understanding of common application security problem spaces, and frameworks to mitigate or remediate
While certifications are not required, AWS Security Certification, GSE, CEH, CCSP, GWAPT, OSCP, or GWEB is highly desired.
Deep knowledge of cloud security concepts and applications
Bachelor’s Degree in Computer Science or equivalent experience
Strong experience with cloud computing technology.
Strong conceptual and practical understanding of IT Infrastructure designs, technologies, products, and services. This should include knowledge of networking protocols, firewall functionality, host and network intrusion detection systems, operating systems, databases, encryption and other technologies.
The Federal Reserve System is committed to a diverse and inclusive workplace and to provide equal employment opportunities to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.
All employees assigned to this position will be subject to FBI fingerprint/criminal background and Patriot Act/Office of Foreign Assets Control (OFAC) watch list checks at least once every five years.
The above statements are intended to describe the general nature and level of work required of this position. They are not intended to be an exhaustive list of all duties, responsibilities or skills associated with this position or the personnel so classified. While this job description is intended to be an accurate reflection of this position, management reserves the right to revise this or any job description at its discretion at any time.
For this job, any offer of employment is contingent upon successfully passing a two-phase security screening. The first phase consists of the satisfactory completion of a physical examination (including a drug screening), reference checks, and a security investigation consisting of credit and criminal history checks.
The second phase, which might not be complete until after you begin working at the Reserve Bank, is an additional risk-based security screening determined by the risk rating of the position. Depending upon the sensitivity of the position, this phase may include, and is not limited to, work and residency eligibility verification, and personal interviews with the candidate, references, and prior employers.
Organization: Federal Reserve Bank of Boston
Title: FedNow Security Engineer
Requisition ID: 266774