Software Security Architect

Full Time
San Francisco, CA
Areas of Interest: All Source Intelligence, Exploitation Analysis, Incident Response, Software Assurance and Security Engineering, Systems Security Architecture, Threat Analysis, Vulnerability Assessment and Management
Federal Reserve Bank of San Francisco
Primary Location:   CA-San Francisco
Full-time / Part-time:   Full-time
Employee Status:   Regular
Overtime Status:   Exempt
Job Type:   Experienced
Travel:   Yes, 25% of the Time
Shift:   Day Job
Job Sensitivity Tier II - Credit Check

Federal Reserve System

The Federal Reserve System (FRS), and its 12 District Banks located throughout the United States, is both a private and a public, nonprofit organization, whose objective is to: 1) maximize employment, 2) stabilize inflation, and 3) moderate long-term interest rates for its citizens.
NIRT Overview
The National Incident Response Team (NIRT) is an in-house Information Security team that serves the entire Federal Reserve System across the United States and its territories.  NIRT is responsible for delivering effective and efficient nationwide cyber intrusion detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessment services to the Federal Reserve System and its private and public sector clients.
NIRT’s primary mission is to play a leading role in the Federal Reserve System’s efforts to protect its information systems against cyber security attacks, monetary theft, and unauthorized use by both internal and external individuals who wish to do harm to the United States and destabilize the global economy.
Job Description
As a Software Security Architect within NIRT’s Software Security Group, you will provide secure architecture, coding, and design guidance to the Federal Reserve and its partners through threat modeling, code reviews, secure design reviews, and developer education to enhance the software security expertise across the Federal Reserve System.
This position will be a member of the team responsible for defining and overseeing secure development activities throughout the software development lifecycle, tailored for risk and application architecture, and will work closely with architecture, development, and information security teams in each development organization within the Federal Reserve System.
Job Responsibilities
  • Influence and define security architecture and design direction for business line technology platforms.
  • Perform threat modeling, code reviews, and secure design reviews for high risk applications.
  • Assist developers in remediating vulnerability findings by providing line-by-line coding guidance.
  • Provide education and training to developers on software security best practices.
  • Implement or manage the implementation of common application security controls like the Enterprise Security API (ESAPI).
Required Qualifications and Skills
  • By federal law, the candidate hired for this position must be a United States Citizen and be able to obtain and maintain a National Security Clearance
  • The candidate selected will be required to pass a background check including credit check, drug screen, and psychological exam
  • 5+ years of combined experience in Information Security and Software Development
  • Strong knowledge of Software Security and solid understanding of a Secure SDLC Process
  • Experience testing web applications for common vulnerabilities including input validation, broken access controls, session management, cross-site scripting, SQL injection and web server configuration issues
  • Experience conducting threat modeling and secure design reviews
  • Experience with multiple development methodologies and software architectures
  • Proficient in .NET and/or Java
  • Ability to assess and correct cryptographic implementations for web applications
  • Familiarity with the OWASP Top 10
  • Exceptional analytical and critical thinking skills
  • Ability to travel up to 25%
Preferred Qualifications and Skills
  • Information Security consulting experience, providing subject-matter expertise on a range of information security topics
  • Ability to assess and code proper OWASP Top 10 controls in .NET and Java
  • Experience training developers in secure coding techniques
  • Experience with NIST 800-37, NIST 800-30, Open Software Assurance Maturity Model (Open SAMM), Building Security In Maturity Model (BSIMM)
  • Certifications such as: Certified Secure Software Lifecycle Professional (CSSLP), GSSP-Java, GSSP-.NET, GIAC Web Application Defender (GWEB), GIAC Web Application Penetration Tester (GWAPT)
Work Hours
  • 8:00 a.m. to 5:00 p.m., Monday – Friday
  • Overtime as required by project schedule or management
  • ***Eligible to work from home up to 3 days per week***
  1. By federal law, the candidate hired for this position must be a United States Citizen and be able to obtain and maintain a National Security Clearance.
  2. The candidate selected will be required to pass a background check including criminal check, credit check, drug screen, and psychological assessment.
  3. This position may be filled at various levels based on the candidate's experience and departmental needs.
  4. The Federal Reserve Bank of San Francisco is an Equal Opportunity Employer. Our people proudly reflect the diversity and ideas of the communities we serve.

Federal Reserve System

The Fed - Make a world of difference in the global economy
OUR BANK has one of the most recognizable brands around the world. The Federal Reserve is the central bank of the United States—one of the world's most influential, trusted and prestigious financial organizations. The Federal Reserve is charged with the important mission of promoting a strong economy and a stable financial system and fulfills this responsibility by formulating national monetary policy, supervising and regulating banks and bank holding companies, and providing financial services for banks and the U.S. government. 

OUR PEOPLE are diverse in background and ideas, which allows for ongoing creativity and innovation. Ultimately, they are the ones who push our high-performance, exchange-driven culture forward. 

Why Our People Choose Us: 

Our reputation precedes us 
There will always be room for personal growth 
Our people are first 
You’ll find the right balance 
Your responsibilities will be meaningful 

We hope that you will be our future colleague. 

monetary policy, economics, bankers' bank, bank supervision
Company Industry: Banking
Company Type: Non Profit
Company Size: 1,001-5,000