Sr. Cybersecurity Analyst II (Sr Vulnerability Analyst) - Information Technology-R025652
: DC-Washington
: Regular
: Exempt
: Standard
Relocation Provided: Yes
Compensation Grade Low: FR PAY GRADE 27
Compensation Grade High: FR PAY GRADE 28
Minimum Salary: $140,500.00
Maximum Salary: $210,500.00
: May 14, 2026
Minimum Education
Bachelor's degree or equivalent experience
Minimum Experience
6
Summary
Oversees and/or participates in the instrumentation and administration of cybersecurity tools, appliances, and measures to protect the Board’s IT assets and ensure the Board’s ability to conduct its mission. Utilizes cybersecurity tools such as firewalls, proxies, intrusion detection, intrusion prevention, endpoint protection, and data analysis platforms as part of an integrated, defense in depth solution with a central security information and event management (SIEM) system and security orchestration tools. Develops an expert understanding of system architecture and the ability to identify security weaknesses that can be exploited to compromise a variety of systems used by the Board. Develops technical products and presents highly technical subjects to a variety of audiences ranging from non-technical senior leaders to highly technical subject matter experts. Oversees collaboration with other cybersecurity professionals to develop and implement cybersecurity solutions that enable threat hunt activities. With limited guidance provides technical and analytical assessments to support information security engineering decisions to ensure Board information and systems are adequately protected.
Duties and Responsibilities
Position Requirements
FR-27 Minimal Qualifications
Requires a bachelor’s degree, preferably in computer science, information technology, cybersecurity or a related business technology field and six years of experience. With limited guidance, manages cybersecurity projects focused on developing and instrumenting complex approaches to detect, prevent, and respond to cybersecurity intrusions and/or compromises. Authors documents and oversees the execution of project plans, schedules, requirements, risks, assumptions, cost, performance, and resource utilization with minimal supervision. Must have expert knowledge in at least one of the following areas: general cybersecurity fundamentals, cyber threat analysis, data science principles, digital forensics, incident handling, incident management, incident response, vulnerability management, security engineering, automation and programming, project management, and relevant technologies and programming languages. Must be able to work effectively with staff. Must be familiar with relevant policies, procedures, and be able to work with TOP SECRET / SENSITIVE COMPARTMENTED INFORMATION. Must be able to lead one or more of the following: providing threat assessments, recommending cybersecurity technologies for intrusion detection and prevention, assessing technical vulnerabilities, identifying automation opportunities, investigating, and resolving security breaches, technical writing, and communication.
FR-28 Minimal Qualifications
Requires a bachelor’s degree in computer science, information technology, cybersecurity or a related business technology field and eight years of experience. Must have expert knowledge in the in at least one of the following areas: general cybersecurity fundamentals, cyber threat analysis, data science principles, digital forensics, incident handling, incident management, incident response, vulnerability management, security engineering, automation and programming, project management, and relevant technologies and programming languages. Must be able to work effectively with staff. Must be familiar with relevant policies, procedures, and be able to work with TOP SECRET / SENSITIVE COMPARTMENTED INFORMATION. Must be able to direct one or more of the following: providing threat assessments, recommending cybersecurity technologies for intrusion detection and prevention, assessing technical vulnerabilities, identifying automation opportunities, investigating, and resolving security breaches, technical writing, and communication.
Remarks: The Sr. Cybersecurity Analyst II (Sr. Vulnerability Analyst) is an individual contributor position responsible for supporting the enterprise vulnerability management program for the Board. The Sr. Cybersecurity Analyst II (Sr. Vulnerability Analyst) possesses knowledge of policies and best practices pertinent to vulnerability management and has the ability to operationalize that information in the form of organizational governance and technical process (NIST, DHS/CISA, OWASP, NVD, SEI, etc.). The Sr. Cybersecurity Analyst II (Sr. Vulnerability Analyst) consumes cyber threat intelligence that describes new and emerging vulnerabilities and translates that information into active defense and preventive measures. The Sr. Cybersecurity Analyst II (Sr. Vulnerability Analyst) analyzes systems for potential weaknesses and/or vulnerabilities and proposes solutions to mitigate those risks. The Sr. Cybersecurity Analyst II (Sr. Vulnerability Analyst) establishes and oversees patch management operations for all kinds of assets in the environment and designs mitigations where patching is impractical or impossible. The Sr. Cybersecurity Analyst II (Sr. Vulnerability Analyst) establishes and implements a risk management approach for vulnerabilities including thresholds, mitigations, and risk tolerances that drives other vulnerability response actions. The Sr. Cybersecurity Analyst II (Sr. Vulnerability Analyst) provides services including static and dynamic application security testing, web application vulnerability scanning, vulnerability analysis, enterprise patch management, and proposing mitigations for specific threats. The Sr. Cybersecurity Analyst II (Sr. Vulnerability Analyst) develops technical products and presents highly technical subjects to a variety of audiences, ranging from non-technical senior leaders to highly technical subject matter experts. The Sr. Cybersecurity Analyst II (Sr. Vulnerability Analyst) collaborates with other vulnerability management professionals in the Federal space and throughout the Federal Reserve System to develop and implement cybersecurity solutions that enable vulnerability management activities. The Sr. Cybersecurity Analyst II (Sr. Vulnerability Analyst) provides technical and analytical vulnerability assessments to support information security engineering decisions to ensure Board information and systems are adequately protected.
Highly Desirable:
The expected salary range for this role is $140,500 - $210,000, which spans all the posted grades. Final offers are based on the grade for which you minimally qualify and are determined by experience and education, as well as internal and external factors.
This position requires an in-office presence in Washington, DC