Cyber Security Engineer Principal
Federal Reserve Bank of Boston · Boston, MA · 1 wk ago
Information Technology$170k–$213k/yrFull-time
About the role
The position will be primarily on-site with residency commutable to one of our offices required. This individual will directly support security engineering and operations, and provide cybersecurity expertise through consultation and hands-on technical activities.
Responsibilities
- Develop code to automate security frameworks into functional, secure infrastructure and deploy security tooling using automation as a foundation.
- Design and execute point-in-time security tests, automated or manually, against cloud workloads.
- DevSecOps integration – enable automate static and dynamic API security checks using CI/CD tools.
- Enforce governance gates during key lifecycle phases (eg. Design, Validate, Publish).
- Partner with application, security, and platform teams to embed security into API design, development, and deployment.
- Contribute to security architecture reviews, threat modeling, and technical design discussions.
- Define, configure, and enforce API gateway policies for authentication, authorization, encryption, and traffic-management controls.
- Monitor traffic and collaborate with security and engineering teams on incident response and remediation.
- Represent a technologist’s point of view in selecting tooling and solutions.
- Proven ability to collaborate, build relationships and influence direct & in-direct team members in a matrix-management environment.
- Present and debrief cybersecurity findings, risk posture, and control effectiveness to leadership and management audiences, translating technical security data into clear, actionable insights to support informed decision-making.
- Actively seek to remove barriers and improve security across the program.
- Document technical solutions developed and the supporting processes.
- Identify and address the root causes of issues, focusing on solving problem categories rather than individual instances.
- Engage early and comprehensively.
Requirements
- Programming Languages relevant to web and API development such as Python, Java, GO is required.
- Experience security testing cloud workloads.
- Strong understanding of web service protocols, REST principles, and client-server architecture is necessary.
- Strong understanding of API defense strategies and ability to implement.
- Foundational understanding of logging and monitoring tools to detect anomalies and respond to incidents in real-time.
- Strong attention to detail and creative problem-solving are essential for navigating complex security challenges.
- Ability to effectively communicate risks and solutions to both technical and non-technical stakeholders.
Qualifications
- Desired Qualifications: 5+ years of experience in an object-oriented language (Python, Java, or Go preferably); 5+ years of experience in Cyber Security, with a focus on API gateway engineering; 5+ years of Cloud Native experience (AWS preferred); Strong understanding of API Security, OWASP API Top 10, secure API design principles; Exposure to API gateway security tools (runtime protection, discovery, or posture mgmt.); Proficiency in working with Infrastructure as Code (i.e Terraform, Pulumi); Proven experience building and securing CI/CD pipelines (GitHub, GitLab CI, Jenkins, etc.); Proficiency with container technologies (Docker, Kubernetes) and their security implications; Expertise with Cloud IAM configuration/policies, container orchestration/testing; Lead and execute cyber incident response activities, including detection, analysis, containment, eradication, and recovery with a focus on senior-level responsibilities; Strong communication skills with ability to influence at all levels of the organization; ability to simplify complex security topics for consumption and critical decision making.
Skills
- Expertise you would bring: 5+ years of experience in an object-oriented language (Python, Java, or Go preferably); 5+ years of experience in Cyber Security, with a focus on API gateway engineering; 5+ years of Cloud Native experience (AWS preferred); Strong understanding of API Security, OWASP API Top 10, secure API design principles; Exposure to API gateway security tools (runtime protection, discovery, or posture mgmt.); Proficiency in working with Infrastructure as Code (i.e Terraform, Pulumi); Proven experience building and securing CI/CD pipelines (GitHub, GitLab CI, Jenkins, etc.); Proficiency with container technologies (Docker, Kubernetes) and their security implications; Expertise with Cloud IAM configuration/policies, container orchestration/testing; Lead and execute cyber incident response activities, including detection, analysis, containment, eradication, and recovery with a focus on senior-level responsibilities; Strong communication skills with ability to influence at all levels of the organization; ability to simplify complex security topics for consumption and critical decision making.
Benefits
Not specified.
Pay
$170,200 - $255,200
Schedule
Not specified.