Cyber Security Engineer Principal
Federal Reserve Bank of New York
Job Description
Overview The position will be primarily onâsite with residency commutable to one of our offices. It is responsible for ensuring the security and integrity of the FedNow organization across people, operations, and technology. The role directly supports security engineering and operations, providing cybersecurity expertise through both consultation and handsâon technical activities.
Responsibilities Develop code to automate security frameworks, deploying security tooling using automation as a foundation. Design and execute pointâinâtime security tests, automated or manual, against cloud workloads. Enable DevSecOps integrationâautomate static and dynamic API security checks using CI/CD tools.
Enforce governance gates during key lifecycle phases (e.g., Design, Validate, Publish). Partner with application, security, and platform teams to embed security into API design, development, and deployment. Contribute to security architecture reviews, threat modeling, and technical design discussions.
Define, configure, and enforce API gateway policies for authentication, authorization, encryption, and trafficâmanagement controls. Monitor traffic and collaborate with security and engineering teams on incident response and remediation. Represent a technologistâs perspective in selecting tooling and solutions.
Collaborate, build relationships, and influence direct and indirect team members in a matrixâmanagement environment. Present and debrief cybersecurity findings, risk posture, and control effectiveness to leadership and management audiences. Actively seek to remove barriers and improve security across the program.
Document technical solutions and supporting processes. Identify and address root causes of issues, focusing on solving problem categories rather than individual instances. Qualifications 5+ years of experience in an objectâoriented language (Python, Java, or Go preferably). 5+ years working in a DevSecOps software development environment. 5+ years of cybersecurity experience focused on API gateway engineering. 5+ years of cloudânative experience (AWS preferred).
Strong understanding of API security, OWASP API Top10, and secure API design principles. Exposure to API gateway security tools (runtime protection, discovery, or posture management). Proficiency with Infrastructure as Code (Terraform, Pulumi).
Proven experience building and securing CI/CD pipelines (GitHub, GitLab CI, Jenkins, etc.). Proficiency with container technologies (Docker, Kubernetes) and their security implications. Expertise with Cloud IAM configuration/policies and container orchestration/testing.
Lead and execute cyber incident response activities: detection, analysis, containment, eradication, and recovery. Strong communication skills, ability to influence at all levels of the organization, and ability to simplify complex security topics for consumption and critical decisionâmaking. Logistics and Requirements Ability to obtain a security clearance.
Support onâcall and workârotation activities. Relevant certifications (CISSP, CISM, GIAC, AWS, AZURE). Compensation range: $170,200 â $212,700 â $255,200.
Legal and EEO Statement The Federal Reserve System is committed to a diverse and inclusive workplace and to provide equal employment opportunities to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service. #J-18808-Ljbffr