Computer Security Systems Specialist Level III

The mission of the OFR is to support the Financial Stability Oversight Council (FSOC) in promoting financial stability by: collecting data on behalf of FSOC; providing such data to FSOC and member agencies; standardizing the types and formats of data reported and collected; performing applied research and essential long-term research; developing tools for risk measurement and monitoring; performing other related services; making the results of the activities of the OFR available to financial regulatory agencies; and assisting such member agencies in determining the types of formats of data authorized to be collected by such member agencies.

Design, develop, engineer, and implement solutions to MLS requirements. Perform complex risk analyses which include risk assessment, SIEM-based threat detection and monitoring, and secure code review processes to identify and mitigate security vulnerabilities throughout the development lifecycle. Establish and validate information assurance and security controls based upon the analysis of user, policy, regulatory, and incorporating vulnerability scanning results, SIEM alert correlation, and code analysis findings into security posture assessments. Perform analysis, design, and development of security features for system architectures that incorporate vulnerability management capabilities, SIEM integration points, and secure code review checkpoints to ensure comprehensive security coverage across all system components.

This highly technical role requires deep understanding of modern cybersecurity engineering principles, control validation, including security-as-code, infrastructure-as-code, and DevSecOps practices. The engineer should have proven experience conducting security assessments, hands-on experience managing a vulnerability management program, reviewing and recommending detection rules, incident response playbooks, and performing regular audits of security controls and access management systems.

Key Tasks and Responsibilities:

• To effectively manage Cybersecurity risk to the Office, the contractor will assist the OFR in refining and implementing the processes and methodologies to assess internal and external/third-party systems and provide accurate accounting and tracking for risks and findings.

• Conducting comprehensive vulnerability management using Nexpose, Rapid7, and Qualys platforms to identify, prioritize, and remediate security vulnerabilities and configuration baselines across the enterprise infrastructure.

• Implements automated container vulnerability scanning tools, such as AWS Clair, to identify and evaluate critical findings.

• Perform application security testing using Fortify WebInspect to assess web applications for security flaws and conduct thorough code reviews using Veracode to identify vulnerabilities in source code.

• Create custom queries and generate detailed reports in Splunk to support security monitoring, incident analysis, and compliance reporting.

• Tracked, monitor and report on Plans of Action and Milestones (POA&Ms). Findings discovered through risk assessments, Security Controls Assessments (SCA), continuous monitoring activities, vulnerability scans, application security tests, and code analysis will be collected, analyzed and used to provide continuous reporting and support informed, risk-based decision making.

• Develop policies for least-privilege access controls, implement network segmentation strategies, integrate identity and access management solutions with network security controls, and establish continuous monitoring and validation processes to ensure all network communications are authenticated, authorized, and encrypted.

• Serving as the principal liaison between the OFR and supporting personnel for the specific subtask area (e.g., Security Controls Assessors, ISSOs, Continuous Monitoring).

Job Requirements: