Overview:

The National Incident Response Team (NIRT), a National Information Technology Operation (NITO) for the Federal Reserve System, delivers effective and efficient national intrusion detection, incident response, security intelligence, threat assessment, and vulnerability assessment services for the Federal Reserve System. As a member of NIRTs Information Security Assessment Team, you will perform hands-on, technical penetration/ethical hacking tests of all facets of the Federal Reserve System's IT environment. You will interact directly with NIRT's customers located across the United States.

Job Responsibilities:

• Oversee and conduct vulnerability assessments and penetration testing/ethical hacking

• Oversee and perform the review and analysis of security vulnerability data to identify applicability and false positives

• Prepare and distribute security assessment reports to customers

• Research and develop testing tools, techniques, and process improvements

• Perform additional incidental duties as assigned

Job Requirements:

• Bachelor degree in Information Technology/Computer Science, or related disciplines and/or equivalent work experience

• Excellent analytical skills

• Excellent interpersonal, communication, organizational, and project management skills

• Team player with excellent consultative and communication skills, and the proven ability to work effectively with client, internal management and staff, vendors and consultants

• Strong written and verbal communications skills

• Proven ability to communicate technical issues to technical and non-technical business area representatives

• Hands-on experience with commercial and open-source network and application security testing tools

• Experience testing web applications for common security vulnerabilities as defined by OWASP. These include input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues

• Ability to travel

• Approximately 3-5 years of experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols

• Ability to obtain US Security Clearance

• CISSP certified or the ability to work towards obtaining the certification

Desired

• Script-writing skills (Python, Perl)

• Familiarity with application development (C, C , .NET, JAVA)

• Experience developing exploits

• Experience with application security source code and design review

The Federal Reserve Bank of San Francisco is an Equal Opportunity Employer. Our people proudly reflect the diversity and ideas of the communities we serve.