Information Security Specialist, Sr. Associate

Job Description:

Purpose: 

Responsible for assisting with the operation of the Bank information security systems and controls with a goal to maintain a strong information security program that enables comprehensive monitoring and compliance verification.  The Specialist will play a key role in Information Security event triage and incident response by monitoring and tuning the Security Information and Event Management (SIEM) system and other alerts generated by security related tools.  The Specialist will also be involved in security operations and is expected to provide hands-on support for a broad spectrum of technologies, including security software running on Windows and Linux systems, network devices, virtual machines, as well as the Bank’s own products and services.

Primary Responsibilities:

• Monitor security systems for anomalies, alerts, and respond to potential security issues.
• Investigate security related alerts and analyze events for impact and escalation.
• Derive conclusions on security events and propose solutions.
• Assist in preparing and updating runbooks and documentation related to security operations, issues, and cyber incidents.
• Manage the Information Security service tickets to provide updates and closure.
• Promote security awareness through newsletter communications, classroom training, and facilitating computer-based training exercises.
• Work with and support Security Engineers in troubleshooting security infrastructure devices and solutions.
• Stay current on IT security trends and news, including researching emerging technologies and maintain awareness of current security risks.
• Participate and provide analysis in security vulnerability assessments and penetration tests on Bank systems and applications.
• Participate in periodic policy compliance reviews, risk assessments, and control testing.
• Participate in internal security audits and investigations.
• Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business.

Skills/Knowledge:

• Required Skills:
  • Basic functional knowledge with Windows/Linux/commandlines/networking and networking security, vulnerability management, cloud security, Identity and Access Management.
  • Hands-on experience with one or more security tools such as firewalls, IDS/IPS, SIEM, antivirus/anti-malware, patch management, Network Access Control, Data Loss Prevention, Privilege Access Managment, and vulnerability scanners.
  • Understanding of security concepts.
  • Excellent written and verbal communication skills, demonstrating the ability to write with purpose, clarity, and accuracy to both technical and non-technical audiences.
  • Minimum of two years of hands-on experience in an equivalent Information Security role. Banking and/or financial services industry experience, a plus.
  • Self-motivated, organized, and able to multi-task and prioritize work.
  • Able to acquire proficiency and operate independently within 3 to 4 months.

• Additional Desired Skills:
  • Bachelor's or Associate degree in Computer Science, Information Systems or a related field,
  • Industry certification such as: GSEC, CEH, GCIH, and/or CISSP.
  • Previous systems and/or network administration experience
  • Scripting knowledge such as Perl, Python, and/or PowerShell

SALARY RANGE: $115 - 137K

The Federal Home Loan Bank of San Francisco is committed to the principles of equal opportunity in employment (e.g., employees, applicants) and in contracting (e.g., suppliers, vendors) regardless of race, color, religion, sex, national origin, disability status, genetic information, age, sexual orientation, gender identity, status as a parent, or any other characteristic protected by law. We are committed to cultivating a workplace free of unlawful discrimination, harassment, and retaliation, and are dedicated to fostering vibrant communities by serving as a reliable source of liquidity and resources for affordable housing and economic development.

Salary ranges reflect the base salary that the Bank reasonably expects to pay for a given role and is not inclusive of annual incentive award opportunities, retirement benefits or the value of other health and welfare or other ancillary benefits. We consider many factors when determining base salaries such as individual background and experience, the competitive environment, education, particular skill set(s), and industry and institutional knowledge.

The Bank is committed to offering all team members challenging and engaging work with market competitive pay, retirement, and benefit offerings. In support of this commitment, the Bank routinely engages in market competitive benchmarking surveys and analysis to ensure our team members continue to be paid fairly and competitively.