For the business lines supported by Cleveland (Pay.gov, Debit Gateway, TCMS/DVS, CIR, eCommerce and any potential future business lines) which are owned by the Department of Treasury's Bureau of the Fiscal Service, The Application Security Associate or Application Security Analyst position provides leadership for protecting the confidentiality, integrity, and availability of web and/or mobile applications by establishing and enforcing system access controls; defining system security requirements, recommending improvements to system security frameworks, ensuring authorized access to systems through monitoring, performing testing or scanning for security vulnerabilities, and raising security awareness.
Essential Accountabilities- Identify security related issues and define security requirements during all phases of the application development lifecycle.
- Review program/development documents to ensure adherence to secure coding standards, guidelines and security requirements.
- Coordinate with developers to ensure secure and resilient design, prototyping, development, testing, support, and documentation of moderately complex application software.
- Monitor for atypical usage of information system accounts and other abnormalities to identify possible breaches.
- Assist with FISMA initiatives, e.g., updating security plans, to support ISSO responsibilities.
- Coordinate the identification of security-related issues and definition of security requirements during all phases of the software development lifecycle (SDLC).
- Perform penetration testing activities to ensure web vulnerabilities are not present within Treasury Services applications.
- Conducts analysis and interpreting of cybersecurity trends and emerging risks, quantifies potential impact, and develops conclusions and recommended application security responses.
- Performs other duties as assigned or requested
Education and Experience - Application Security Associate- Associates degree and 2 years of related work experience OR
- Bachelor's degree and no prior related work experience
Education and Experience - Application Security Analyst- Associates degree and 5 years of related work experience OR
- Bachelor's degree and 3 years of related work experience OR
- Master's degree and 0-1 year of related work experience
Knowledge and Skills- Ability to analyze highly complex business requirements.
- Thorough understanding of industry based security controls relating to applications, services, and systems.
- Knowledge of cloud-based platforms and technologies.
- Thorough understanding of security controls relating to access control, authentication, and auditing.
- Demonstrated knowledge and understanding of information security industry trends and emerging technologies, especially relating to application security vulnerabilities.
- Proficient at testing web application for security vulnerabilities, such as those listed in the Open Web Application Security Project (OWASP) Top 10 and familiar with the tools used for testing
Location: Cleveland, OHThe expected starting salary range for the Application Security Associate is between $73,400 and $91,800 and the Application Security Analyst is between $81,600 and $102,300 annually.
Final salary and offer will be determined by the applicant's background, experience, skills, internal equity, and market data. The Cleveland Fed offers benefits to support overall health and financial security. Learn more about our benefits here: https://www.clevelandfed.org/careersPhysical Demands and General Working ConditionsThis is not necessarily an exhaustive list of all responsibilities, duties, standards or requirements, efforts, skills or working conditions associated with the job. While this is intended to be an accurate reflection of the current job, the Federal Reserve Bank of Cleveland reserves the right to revise this or any job description at any time.
