Web Application Security Expert - Technology Group

Information Technology
Requisition #: 258343

Area Overview:
Information Security New York (ISNY) is responsible for developing, executing and maintaining a superior information security program that promotes resiliency by identifying and mitigating cyber risks and threats through risk-based consultation, advice, and direction for controls, designs, and investments for the entire Bank.


Principal Duties and Responsibilities:
The Web Application Security Expert leads the execution and enhancement of the Bank's cyber security risk assessment and management program. The position resides in the Information Security Function and reports to the Head of the Risk Assessment and Management Department. Specifically, the role will be responsible for leading and overseeing:
• Cyber Cloud security testing and assessments that assess the security posture of information system boundaries
• Cyber security assessment program development, execution and maintenance
• Cyber risk management activities, so that they are executed appropriately and in accordance with the Bank's three lines of defense framework

Required Technical Skills:

  • Experienced in conducting technical assessments on SaaS, IaaS, and PaaS solutions.
  • Strong knowledge of secure software development life cycle (SSDLC), microservices architecture, application containerization, and DevSecOps, and experience with security testing tools/methods such as SAST, IAST, and RASP.
  • Strong knowledge of information security landscape, Cloud security solutions, and current and emerging security threats.

Important Knowledge and Skills:

  • Experienced in performing security risk assessments using FedRAMP for the Cloud.
  • Strong understanding of industry standard information security control frameworks, particularly with respect to Cloud assessments.
  • Experienced working with results generated from vulnerability assessments, penetration tests, threat modeling, and secure code reviews.
  • Advise and educate IT teams on emerging Cloud vulnerabilities and mitigation tactics.
  • Demonstrate experience in the area of risk and controls across various IT platforms especially Cloud infrastructure and applications.
  • Ability to understand and clearly articulate complex technology risks or control deficiencies to technical and non-technical business representatives, and translate them into business risks. Be able to recommend security solutions and remediation.
  • Strong knowledge of information security landscape, security solutions, and current and emerging security threats.
  • Exceptional analytical, critical thinking and decision-making skills.
  • Ability to manage, prioritize, and complete multiple projects and tasks simultaneously within defined time frames.
  • Must be organized, self-motivated, and able to work independently with minimal supervision.
  • Candidate must have a minimum of 3-5 years of experience with an information security team, with 7-9 years plus of overall experience.


  • Relevant industry accepted security certifications (AWS, CISSP, CISA, CRISC, SANS, etc.)
  • Possession of or the ability to obtain U.S. Government Security Clearance, which includes U.S. Citizenship

The Federal Reserve Bank of New York is committed to a diverse workforce and to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.
