Company

Federal Reserve Bank of San FranciscoWe are the Federal Reserve Bank of San Francisco (FRBSF)—public servants with a mission to advance the nation’s monetary, financial, and payment systems to build a stronger economy for all Americans. We are a community-engaged bank, and are committed to understanding and serving the vibrant, expansive communities of the Twelfth District. That means we seek and appreciate new perspectives. We respect people for what they do and for who they are. We build opportunities to learn and grow. When you join the SF Fed, you become part of a diverse team united in its purpose to promote an economy that works for everyone.
We empower our people to balance their life and work responsibilities. That’s why we offer a flexible hybrid work model that allows you to collaborate with office colleagues on some days, and work from home on others.

Information Security at the FRBSF has a position for a Senior or Lead Information Security Architect who will join us in evolving application security and fostering collaboration with development teams.  This role offers the opportunity to use your technical skills, and security understanding, to review and design solutions that assist our development teams in implementing DevSecOps and creating secure and resilient applications and environments.  This role requires strong analytical, communication, problem solving, engineering, design and interpersonal skills.  In this role you will work closely with other members of the Information Security team, our application development groups, and other groups across the Federal Reserve System (FRS), helping to build strong relationships across functions and create solutions that provide effective, seamless security to protect our custom developed products.

Essential Responsibilities:

• Evolve and mature our models, templates, standards and procedures related to secure application development and secure application and cloud architecture.  Ensure these artifacts are in alignment with FRS policy and standards.

• Consult with our development teams to help them align with FRS policy and standards and meet the risk appetite of the customer.

• Work with members of application development teams to review and create secure application and infrastructure designs and patterns.

• Assist development teams by reviewing threat models related to applications and related systems.  Analyze potential business impact and exposure leading to risk, based on emerging security threats, vulnerabilities, configurations, threat actor TTPs, etc.

• Evaluate CICD pipeline design, and related development team processes and help to mature and secure creation, management and utilization of pipelines.

• Assist in identification and integration of security focused tooling into development and operations processes.

• Support secure application architecture within the Federal Reserve System by fostering constructive dialogue and seeking resolution when confronted with discordant views.

• Mentor more junior security, application development and application architecture members, and be a security thought leader for the organization.

• Solicit feedback and continuously improve your knowledge, skills and capabilities related to the position.

• Assist with recruiting activities and administrative work.

Minimum Qualifications:

• Bachelor’s degree in computer science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis or an equivalent work experience with 7+ years of application design, development and security; an additional 4 years of experience may be substituted for a degree

• Exposure to multiple diverse technologies, including those used in commercial cloud environments, and applications utilizing languages such as: C#, C++, Java, Python, Go, Rust, PowerShell, Node.js, React, Electron and Bash Minimum of 5 years of experience in defensive security, 8 or more years in IT

• Knowledge of a wide variety of information security architectures, concepts and techniques, as well as supporting security tools

• Knowledge of common web application vulnerabilities and attacker TTPs and security platform tools (Firewall, EDR, SIEM, SAST, IAST, SCA, Secrets Detection, etc.)

• Experience with CICD platforms, Git and GitFlow

• SANS GSEC or equivalent technical or architectural security focused certification

• Must be a U.S. Citizen or a Green Card holder with the intent to become a U.S. Citizen  

Preferred Qualifications

• Experience with threat modeling and security review processes

• Experience with securing applications deployed within AWS or Azure

• Familiarity with OWASP projects and NIST and CISA standards and guidance

• Familiarity with security architecture questions related to the use of machine learning and artificial intelligence.

• Leadership experience in multiple, large, cross-functional teams or projects.  Ability to communicate clearly and influence outcomes

• Experience with pattern-oriented design and architecture of high-volume transactional systems

• Ability and desire to engage in continuous learning and upskilling

• SANS GWEB, GWAPT, or other similar secure development, cloud security or application security certification

Base Salary Range for Lead Info Security Architect: Min: $155,700 - Mid: $202,200 - Max: $248,700 (Location: San Francisco)

Final salary and offer will be determined by the applicant’s background, experience, skills, internal equity, and alignment with market data.

We offer a wonderful benefits package including Medical, Dental, Vision, Pre-tax Flexible Spending Account, Backup Child Care Program, Pre-Tax Day Care Flexible Spending Account, Paid Family Care Leave, Vacation Days, Sick Days, Paid Holidays, Pet Insurance, Matching 401(k), and Retirement/Pension.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. The SF Fed is an Equal Opportunity Employer.

#LI-Hybrid

Full Time / Part Time

Full time

Regular / Temporary

Regular

Job Exempt (Yes / No)

Yes

Job Category

Information Technology

Work Shift

First (United States of America)

The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Always verify and apply to jobs on Federal Reserve System Careers (https://rb.wd5.myworkdayjobs.com/FRS) or through verified Federal Reserve Bank social media channels.

Privacy Notice