- Responsible for the development, implementation, and management of the Districts Application Security Program.
- Assists in the review and update of cyber security policies, architectures, controls and standards
- Partners with IT and internal and external business partners to ensure that security is factored in the evaluation, selection, installation and configuration process for new hardware, software or cloud solutions.
- Partners with Information Technology teams to define and implement processes and procedures required to achieve security control requirements.
- Consults with application development teams on secure coding practices and strategies to prevent and remediate vulnerabilities.
- Participates in security testing and risk assessment activities providing expertise and input to ensure appropriate discovery and remediation control deficiencies or information security threats.
- Provides leadership and expertise to security monitoring and operations team by assisting team during incident response, analyzing complex threat scenarios, communicating to stakeholders, and by supporting root cause analysis activities.
- Organizes and leads table-top exercises to practice and rehearse organizational incident response to complex scenarios and security threat events.
- Champions and communicates security best practices and risk mitigation strategies to business leaders, organization management, and across IT development, engineering, and operational teams.
- Leads by example, demonstrating high performance in the areas of customer satisfaction, collaboration, teamwork and reliability.
- Bachelor’s degree or equivalent combination of education and experience; coursework in Computer Science or Management Information Systems (MIS) is preferred.
- Minimum of 8 years of combined experience within information technology and information security with a broad range of exposure to architecture, engineering, or cybersecurity disciplines.
- Strong background in application development with broad understanding of application, infrastructure, and cloud security best practices.
- Extensive knowledge of secure coding practices, ethical hacking and threat modeling techniques
- Extensive knowledge and experience with security tools and processes, including application and code scanning, container security and security testing.
- Well-versed in DevSecOps including deep knowledge of continuous integration and continuous delivery (CI/CD) practices and automation methodologies.
- Demonstrated experience serving as a lead technical subject matter expert (SME) for a software development, engineering, or security team.
- Strong written and verbal communication skills with a high degree of comfort speaking with developers, IT executives and business partners.
- Professional certification such as CISSP, SSCP, etc. is preferred.
- Candidates must be available to work on-site in at least a hybrid capacity. This is not a 100% remote opportunity.
Our total rewards program offers benefits that are the best fit for you at every stage of your career:
- Comprehensive healthcare options (Medical, Dental, and Vision)
- 401K match, and a fully funded pension plan
- Paid time off and holidays
- Generously subsidized public transportation
- Annual educational assistance
- On-site fitness facility
- Professional development programs, training and conferences
- And more…
*The Minneapolis Fed is committed to developing a diverse workforce and providing an inclusive environment where all employees are respected and valued. We believe that we can foster development opportunities for all and reach our full potential by recognizing the unique experiences and identities of each of our colleagues. From economists to cash specialists, we work together to represent you in our economy.
**A requirement of this position is that the employee must be fully vaccinated against COVID-19 and received all approved boosters or qualify for an accommodation from the Bank’s vaccination policy; the Bank will provide accommodations as required by law for individuals unable to be vaccinated due to medical condition or sincerely held religious belief.