Information Security Specialist, Sr. Associate

Federal Home Loan Bank of San Francisco•San Francisco, CA

About The Position

Responsible for assisting with the operation of the Bank information security systems and controls with a goal to maintain a strong information security program that enables comprehensive monitoring and compliance verification. The Specialist will play a key role in Information Security event triage and incident response by monitoring and tuning the Security Information and Event Management (SIEM) system and other alerts generated by security related tools. The Specialist will also be involved in security operations and is expected to provide hands-on support for a broad spectrum of technologies, including security software running on Windows and Linux systems, network devices, virtual machines, as well as the Bank’s own products and services.

Requirements

Basic functional knowledge with Windows/Linux/commandlines/networking and networking security, vulnerability management, cloud security, Identity and Access Management.
Hands-on experience with one or more security tools such as firewalls, IDS/IPS, SIEM, antivirus/anti-malware, patch management, Network Access Control, Data Loss Prevention, Privilege Access Managment, and vulnerability scanners.
Understanding of security concepts.
Excellent written and verbal communication skills, demonstrating the ability to write with purpose, clarity, and accuracy to both technical and non-technical audiences.
Minimum of two years of hands-on experience in an equivalent Information Security role.
Self-motivated, organized, and able to multi-task and prioritize work.
Able to acquire proficiency and operate independently within 3 to 4 months.

Nice To Haves

Banking and/or financial services industry experience, a plus.
Bachelor's or Associate degree in Computer Science, Information Systems or a related field.
Industry certification such as: GSEC, CEH, GCIH, and/or CISSP.
Previous systems and/or network administration experience.
Scripting knowledge such as Perl, Python, and/or PowerShell.

Responsibilities

Monitor security systems for anomalies, alerts, and respond to potential security issues.
Investigate security related alerts and analyze events for impact and escalation.
Derive conclusions on security events and propose solutions.
Assist in preparing and updating runbooks and documentation related to security operations, issues, and cyber incidents.
Manage the Information Security service tickets to provide updates and closure.
Promote security awareness through newsletter communications, classroom training, and facilitating computer-based training exercises.
Work with and support Security Engineers in troubleshooting security infrastructure devices and solutions.
Stay current on IT security trends and news, including researching emerging technologies and maintain awareness of current security risks.
Participate and provide analysis in security vulnerability assessments and penetration tests on Bank systems and applications.
Participate in periodic policy compliance reviews, risk assessments, and control testing.
Participate in internal security audits and investigations.
Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business.