The National Incident Response Team (NIRT), a national service provider for the Federal Reserve System, delivers effective and efficient national intrusion detection, incident response, security intelligence, threat assessment, and vulnerability assessment services for the Federal Reserve System. The mission of the National Incident Response Team is to play a leading role in the Federal Reserve System's efforts to protect its information systems against unauthorized use. As a member of the Incident Detection and Analysis (IDA) Team, you will analyze a large volume of security event data from a variety of sources with the goal of identifying suspicious and malicious activity; perform post-mortem analysis of traffic flows; perform case management throughout the incident life cycle; and complete projects and tasks associated with security monitoring, detection, and incident response on an as-needed basis. You will interact directly with the NIRT's technical and business customers located across the United States.
Review and analyze SIEM security events from various monitoring and logging sources, as well as associated network traffic, to identify and/or confirm suspicious activity.
Research potential containment and eradication techniques for analyzed security events in order to provide proper mitigation guidance to incident responders.
Perform acquisition and basic to moderate static/behavioral analysis of malware specimens to determine the effects on internal systems at both the host and network level.
Perform post-mortem analysis on traffic flows in accordance with current and emerging threat and attack vectors to identify and/or confirm malicious activity or compromise.
Manage incident cases from inception to closure, which includes proper prioritization, assignment to incident response teams, and adherence to customer SLAs.
Research, develop, and keep abreast of testing tools, techniques, and process improvements in support of security detection and analysis.
Execute tasks or lead small projects as needed.
Participate in customer and partner facing meetings and projects.
Communicate and interact directly with other staff to ensure optimal individual and group performance.
Maintain understanding of unit, department, and applicable Bank regulations, policies and procedures.
Perform related duties as assigned or requested in compliance with ISO 9000 (International Standards Organization).
Work weekends and holidays on a rotational basis to ensure 24x7 coverage of the Threat Analysis Center (TAC).
Qualifications
Bachelor's degree in Computer Science or a related discipline and experience in security aspects of multiple platforms, operating systems, software, communications and network protocols, or an equivalent combination of education and work experience.
Two or more years working in IT security, preferably with hands-on experience performing incident detection and analysis in a 24x7 operational environment, or educational equivalent.
Strong knowledge of current security threats, techniques, and landscape.
Strong conceptual understanding of SIEM technology as used by information security analysts.
Knowledge of, and experience with, TCP/IP protocols and packet analysis.
Knowledge of networking protocols and infrastructure designs, including routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols.
Working knowledge of Microsoft Office products, including Visio and Project.
Good communication skills, analytical ability, strong judgment and leadership skills, and the ability to work effectively with clients and IT management and staff.
Ability to communicate technical issues to technical and non-technical business representatives on an as-needed basis with direction from management.
Ability to understand strategic objectives and vision, and work towards those goals.
Dedicated and self-driven desire to research the current information security landscape.
Knowledge of Perl, Python, scripting, or other languages a plus.
Knowledge of Linux and Microsoft Windows Server or other operating systems.
Knowledge of databases or SQL a plus.
Ability to obtain and maintain National Security Clearance.
GIAC Certified Intrusion Analyst (GCIA) desired or demonstrated skills and ability to obtain certification.
Ability to work on weekends and after-hours as necessary on an unscheduled basis, especially during security incidents and emergencies.
Ability to work rotational weekends and holidays on a scheduled basis.
This position requires access to confidential supervisory information, which is limited to 'Protected Individuals' as defined in U.S. federal immigration law. Protected Individuals include, but are not limited to, U.S. citizens, U.S. nationals, U.S. permanent residents who are not yet eligible to apply for naturalization, and U.S. permanent residents who have applied for naturalization within six months of being eligible to do so. The Federal Reserve Bank of San Francisco is an Equal Opportunity Employer. Our people proudly reflect the diversity and ideas of the communities we serve.
The Federal Reserve Bank of San Francisco provides wholesale banking services to financial institutions in the nine western states through...