hero



Info Security Specialist - Threat and Vulnerability Mgmt

Federal Reserve Bank of Minneapolis

Federal Reserve Bank of Minneapolis

Missouri, USA
Posted on Tuesday, July 2, 2024

Company

Federal Reserve Bank of Kansas CityThe Federal Reserve Bank of Kansas City is seeking an Information Security Specialist to support our Threat and Vulnerability Management team. Responsibilities include monitoring infrastructure/software across varying environments/architecture for vulnerabilities, tracking vulnerability remediation to resolution in accordance with defined compliance requirements, triaging incoming requests to our Security Operations (SO) team, and working across all business areas in consultation regarding cybersecurity risks/impacts. This role will be involved in a mixture of operational services and project work.

Key Activities:

  • Performs vulnerability assessment and management by providing oversight of patch penetration, scanning for vulnerabilities, conducting security analysis of scan results, and validating vulnerability remediation.

  • Work with remediation teams to analyze vulnerability findings for remediation.

  • Perform risk-based evaluation of vulnerability findings to prioritize remediation, determine applicability to the environment, and identify false positives.

  • Performs security reviews of requested hardware and software.

  • Performs triage and ticketing support for incoming SO requests, international travel scans, privileged access requests, GPO support, and others.

  • Ensures network and endpoint security by providing assistance with, and assessment of, configuration, applications, and agents.

  • Provides support for access reviews and other configuration reviews.

  • Partners with business areas to understand their business functions for consideration of cyber security impacts and policies.

  • Performs activities related to assigned projects and services, in order to maintain the security posture of Federal Reserve System (FRS) assets.

  • Reviews work processes to identify, design, and implement improvements in procedures for increased efficiency and effectiveness. Recommends improved enhancements, and interprets and addresses requests and concerns.

  • Develops, maintains, and implements department standard operating policies and procedures.

  • Analyzes, documents, and communicates risk using the SAFR risk management process.

  • Participates on workgroups and awareness activities.

  • Stays current on new and emerging technologies.

Qualifications:

  • Typically requires at least 3 years of relevant information security experience.

  • High school diploma or GED required. Associate’s degree from a two-year college or technical school with specialization in an information technology field, or equivalent combination of experience, education and/or certification preferred.

  • Industry recognized certifications within the domain of information security, information technology, and project management (e.g., SSCP, CISSP, GIAC, CISM, CISA, PMP, etc.) preferred.

  • Experience with vulnerability assessment and vulnerability management methodologies.

  • Experience with industry vulnerability scanning tools.

  • Ability to analyze vulnerability scan findings and understand/recommend remediation options.

  • Experience with scripting and automation is preferred

  • Oral and written communication skills, as well as the ability to convey technical and security related issues to business audience.

  • SAFR certification preferred.

  • Detail oriented with strong organizational and prioritization skills to handle multiple priorities simultaneously.

  • Works collaboratively and independently.

  • Able to work with a team as well as diverse workgroups on information security risk assessments, exceptions and remediation.

  • Able to implement new processes to improve security and compliance.

  • General project management skills.

Knowledge of the following:

  • Network and Endpoint security

  • IP Networking concepts

  • Cloud architecture and security

  • Common Operating Systems such as Windows, Linux/Unix, Macintosh

  • Access control methods including: access control lists, encryption and key management, and user and group administration

  • Industry and FRS compliance regulations

Additional Information:

Location(s):

  • Hybrid –Yes, KC office

  • Remote Only Eligible – No

Pay Range: The starting pay range for this position is 72,000 to 99,000 for the job level(s) required for this position. Final offers are determined by factors including the candidate’s qualifications, internal alignment considerations, district assignment, and geographic location.

Screening Requirements: This position has additional screening requirements due to the information accessed while performing the job. These additional screenings would be initiated at the time of offer acceptance and can take up to a couple of months to be completed. You can begin work before the screening is completed; however, continued employment is contingent on acceptable screening results. The areas screened may include education/employment verification, criminal history, credit history, and reference checks.

Sponsorship: Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future.

About Us:

Total Rewards & Benefits

Diversity, Equity & Inclusion

Who We Are

What We Do

Follow us on LinkedIn, Instagram, X (formerly Twitter), and YouTube

Full Time / Part Time

Full time

Regular / Temporary

Regular

Job Exempt (Yes / No)

Yes

Job Category

Information Technology

Work Shift

First (United States of America)

The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Privacy Notice