Jobs · Information Technology · Massachusetts

Cyber Security Engineer Principal

Federal Reserve Bank of Boston · Boston, MA · 1 wk ago
Information Technology$170k–$213k/yrFull-time

About the role

The position will be primarily on-site with residency commutable to one of our offices required. This individual will directly support security engineering and operations, and provide cybersecurity expertise through consultation and hands-on technical activities.

Responsibilities

  • Develop code to automate security frameworks into functional, secure infrastructure and deploy security tooling using automation as a foundation.
  • Design and execute point-in-time security tests, automated or manually, against cloud workloads.
  • DevSecOps integration – enable automate static and dynamic API security checks using CI/CD tools.
  • Enforce governance gates during key lifecycle phases (eg. Design, Validate, Publish).
  • Partner with application, security, and platform teams to embed security into API design, development, and deployment.
  • Contribute to security architecture reviews, threat modeling, and technical design discussions.
  • Define, configure, and enforce API gateway policies for authentication, authorization, encryption, and traffic-management controls.
  • Monitor traffic and collaborate with security and engineering teams on incident response and remediation.
  • Represent a technologist’s point of view in selecting tooling and solutions.
  • Proven ability to collaborate, build relationships and influence direct & in-direct team members in a matrix-management environment.
  • Present and debrief cybersecurity findings, risk posture, and control effectiveness to leadership and management audiences, translating technical security data into clear, actionable insights to support informed decision-making.
  • Actively seek to remove barriers and improve security across the program.
  • Document technical solutions developed and the supporting processes.
  • Identify and address the root causes of issues, focusing on solving problem categories rather than individual instances.
  • Engage early and comprehensively.

Requirements

  • Programming Languages relevant to web and API development such as Python, Java, GO is required.
  • Experience security testing cloud workloads.
  • Strong understanding of web service protocols, REST principles, and client-server architecture is necessary.
  • Strong understanding of API defense strategies and ability to implement.
  • Foundational understanding of logging and monitoring tools to detect anomalies and respond to incidents in real-time.
  • Strong attention to detail and creative problem-solving are essential for navigating complex security challenges.
  • Ability to effectively communicate risks and solutions to both technical and non-technical stakeholders.

Qualifications

  • Desired Qualifications: 5+ years of experience in an object-oriented language (Python, Java, or Go preferably); 5+ years of experience in Cyber Security, with a focus on API gateway engineering; 5+ years of Cloud Native experience (AWS preferred); Strong understanding of API Security, OWASP API Top 10, secure API design principles; Exposure to API gateway security tools (runtime protection, discovery, or posture mgmt.); Proficiency in working with Infrastructure as Code (i.e Terraform, Pulumi); Proven experience building and securing CI/CD pipelines (GitHub, GitLab CI, Jenkins, etc.); Proficiency with container technologies (Docker, Kubernetes) and their security implications; Expertise with Cloud IAM configuration/policies, container orchestration/testing; Lead and execute cyber incident response activities, including detection, analysis, containment, eradication, and recovery with a focus on senior-level responsibilities; Strong communication skills with ability to influence at all levels of the organization; ability to simplify complex security topics for consumption and critical decision making.

Skills

  • Expertise you would bring: 5+ years of experience in an object-oriented language (Python, Java, or Go preferably); 5+ years of experience in Cyber Security, with a focus on API gateway engineering; 5+ years of Cloud Native experience (AWS preferred); Strong understanding of API Security, OWASP API Top 10, secure API design principles; Exposure to API gateway security tools (runtime protection, discovery, or posture mgmt.); Proficiency in working with Infrastructure as Code (i.e Terraform, Pulumi); Proven experience building and securing CI/CD pipelines (GitHub, GitLab CI, Jenkins, etc.); Proficiency with container technologies (Docker, Kubernetes) and their security implications; Expertise with Cloud IAM configuration/policies, container orchestration/testing; Lead and execute cyber incident response activities, including detection, analysis, containment, eradication, and recovery with a focus on senior-level responsibilities; Strong communication skills with ability to influence at all levels of the organization; ability to simplify complex security topics for consumption and critical decision making.

Benefits

Not specified.

Pay

$170,200 - $255,200

Schedule

Not specified.

Similar jobs