Senior Security Engineer

Position: Senior Security Engineer

Department: Information Technology

FLSA: Exempt

Reports To: Director, Information Security

Location: Hybrid/Reston, VA

SUMMARY OF POSITION

The Senior Security Engineer will design, install, configure, and maintain a set of security tools and serve as the Subject Matter Expertise (SME) for those security tools. The Senior Security Engineer will be focused on Application security and ensures that OF applications and services are secured, implemented with security best practices, and build monitoring capabilities. The person will collaborate with other IT teams in building secure applications and services.

PRINCIPAL RESPONSIBILITIES

• Develop and maintain software application security policies and procedures
• Implement software application security controls
• Design and implement web application firewall (WAF) capabilities
• Identify application security vulnerabilities and issues, perform risk assessments and provide mitigations
• Develop security monitoring for applications, endpoints and network
• Conduct technical investigations of application security incidents
• Interface with senior stakeholders across the IT leadership team to proactively interpret risks and priorities.
• Support the OF’s diversity and inclusion strategy by following policies and procedures that ensure opportunities for employees and diverse business partners
• Assist with other job duties as assigned

PRINCIPAL JOB REQUIREMENTS

• A minimum of 6 to 8 years of experience in designing, implementing and operating web application firewalls
• Hands-on experience with web application security, including OWASP Top 10 vulnerabilities
• Hands-on experience with container security and hardening container platform
• Hands-on experience with conducting web application security scans, vulnerability assessments and/or penetration testing
• Experience in investigating problems and processes within established methodologies and best practices.
• Experience working with Authentication and Authorization services like OAuth and OpenID
• Experience in operating on-prem or cloud based security platforms
• Ability to listen and integrate ideas from diverse groups of individuals, build and maintain respectful relationships, collaborate with others, and resolve conflicts constructively
• Bachelor’s Degree in Information Security or Computer Science or Computer/Electrical Engineering or equivalent field experience
• Proof of eligibility to work in the United States

EQUAL EMPLOYMENT OPPORTUNITY

The Federal Home Loan Banks Office of Finance is committed to equal employment opportunity without regard to race (including traits historically associated with race, such as hair texture, hair type and protective hairstyles), color, religion, sex, pregnancy (including childbirth, lactation, and related medical conditions), national origin or ancestry, age, physical or mental disability, veteran status, uniformed service member status, military status, sexual orientation, gender identity, status as a parent, marital status, genetic information (including testing and characteristics), citizenship status, or any other characteristic protected by applicable federal, state, or local law.