This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

In this role you will provide leadership in protecting the confidentiality, integrity, and availability of web and/or mobile applications by establishing and enforcing system access controls. You will define system security requirements, recommend improvements to system security frameworks, ensure authorized access to systems through monitoring, performing testing, or scanning for security vulnerabilities, and raising security awareness.

• Identify security related issues and define security requirements during all phases of the application development lifecycle.
• Review program/development documents to ensure adherence to secure coding standards, guidelines and security requirements.
• Coordinate with developers to ensure secure and resilient design, prototyping, development, testing, support, and documentation of moderately complex application software.
• Monitor for atypical usage of information system accounts and other abnormalities to identify possible breaches.
• Assist with FISMA initiatives, e.g., updating security plans, to support ISSO responsibilities.
• Coordinate the identification of security-related issues and definition of security requirements during all phases of the software development lifecycle (SDLC).
• Perform penetration testing activities to ensure web vulnerabilities are not present within Treasury Services applications.
• Conduct analysis and interpreting of cybersecurity trends and emerging risks, quantifies potential impact, and develops conclusions and recommended application security responses.
• Perform other duties as assigned or requested.
• Adhere to the Bank's attendance policies through regular and prompt attendance.

Qualifications

• Application Security Analyst: Bachelor’s degree with 3+ years of related work experience or Associate's degree with 5+ years of related work experience - Strong preference of at least one security certification (CISSP, CSSLP, CCSP, CEH, AWS Security, etc.)
• Application Security Analyst Senior: Bachelor’s degree with 5+ years of related work experience or Associate's degree with 7+ years of related work experience - Strong preference of at least one security certification (CISSP, CSSLP, CCSP, CEH, AWS Security, etc.)

Requirements

• Ability to analyze highly complex business requirements.
• Thorough understanding of industry-based security controls relating to applications, services, and systems.
• Knowledge of cloud-based platforms and technologies and how to ensure these environments are secure.
• Thorough understanding of security controls relating to access control, authentication, and auditing.
• Demonstrated knowledge and understanding of information security industry trends and emerging technologies, especially relating to application security vulnerabilities.
• Proficient at testing web applications for security vulnerabilities, such as those listed in the OWASP Top 10 and familiar with the tools used for testing.
• Demonstrated ability to learn new systems and technologies.
• Excellent time management skills, and the ability to prioritize and multi-task.

Benefits

• Support overall health and financial security.
• Learn more about our benefits here: Cleveland Fed Benefits