Overview
To serve as a technical interface and subject matter expert between the Software Security Group and engineering teams across the enterprise to enhance the security of our applications through automation, security reviews, and DevSecOps best practices. Collaborate with NFCU teams and vendors to determine security requirements and support or automate security across all phases of product integration, operations, and maintenance to ensure a secure Navy Federal environment. Work independently or in a team environment.
Responsibilities
Act as a subject matter expert on application security to improve upon and further integrate security best practices into product design and engineering efforts as well as software development lifecycles (SDLC)
Support development teams with secure code reviews and other assessments to identify security weaknesses and vulnerabilities
Support and maintain the Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application and data to align with application security maturity model and adopt a shift-left approach for security
Implement automated security controls as part of CICD pipelines
Identify and develop relevant security controls and processes for products and services developed and deployed for across Navy Federal on-prem and cloud environments
Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices
Advocate application security through trainings and outreach across NFCU
Provide security related coaching and expertise to drive and elevate security expertise within the development teams to promote security champions
Perform other duties as assigned
Qualifications
Bachelor's degree in Computer Science, or related field (e.g., cybersecurity) or the equivalent combination of education, training or experience
Solid experience in application security and software development in one or more programming languages such as C#, Java, Python, etc.
Experience with security tools such as SAST, DAST, IAST, SCA and other security tools
Familiarity with industry-standard security frameworks such as OWASP, NIST, BSIMM etc.
Experience with CICD pipeline, security tools integration and secure SDLC
Experience collaborating with cross functional engineering and product teams to scale secure SDLC
Knowledge of secure architecture and design patterns for Web, Mobile and Microservices
Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
Experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis
Strong communication, presentation and analytical skills
Desired Qualifications
Advanced degree in Computer Science, or related field (e.g., cybersecurity) or equivalent technical experience
CISSP, any DevSecOps or other related Information Security certifications
Experience with multiple programming languages such as Java, C#, Python and JavaScript
Experience with cloud-based infrastructure (AWS, Azure, or Google Cloud)
Advanced knowledge of Navy Federal’s functions, philosophy, operations and organizational objectives
Hours: Monday - Friday, 8:00AM - 4:30PM
Location: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | 9999 Willow Creek Road San Diego, CA 92131
Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report on-site 4-16 days each month. The number of days reporting on-site will ultimately be determined by the employee's leadership and business unit needs. You will learn more throughout the hiring and on boarding process.
About Us
You have goals, dreams, hobbies, and things you're passionate about—what's important to you is important to us. We're looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family, and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen. Don't take our word for it:
• Military Times 2022 Best for Vets Employers
• WayUp Top 100 Internship Programs
• Forbes® 2022 The Best Employers for New Grads
• Fortune Best Workplaces for Women
• Fortune 100 Best Companies to Work For®
• Computerworld® Best Places to Work in IT
• Ripplematch Campus Forward Award - Excellence in Early Career Hiring
• Fortune Best Place to Work for Financial and Insurance Services
Equal Employment Opportunity: Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability EOE/AA/M/F/Veteran/Disability
Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team’s discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position
Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.