Job Description

YOUR LIFE'S MISSION : POSSIBLE

You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us

We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them friends, family and passions.

And we're looking for team members who are passionate about our mission making a difference in military members' and their families' lives.

Together, we can make it happen.

Don’t take our word for it.

• Military Times 2021 Best for Vets Employers
• WayUp Top 100 Internship Programs
• Forbes® 2021 The Best Employers for New Grads
• Forbes® America's Best Employers
• Newsweek Top 100 Most Loved Workplaces
• 2021 People Companies that Care
• Fortune Best Workplaces for Women
• Fortune 100 Best Companies to Work For®
• Fortune Best Workplaces for Millennials
• Computerworld® Best Places to Work in IT

Basic Purpose

To drive embedding security seamlessly into the product development lifecycle, the Senior Application Security Engineer will serve as a technical interface and subject matter expert working with ISD and Digital teams.

The engineer will collaborate with NFCU teams and vendors to determine security requirements and support all phases of product integration, operations, and maintenance to ensure a secure Navy Federal environment.

They will be able to work independently or in a team environment.

Responsibilities :

• Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack.
• Support definition of Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application and data to align with application security maturity model and adopt a shift-left approach for security.
• Evaluate various application security tools including SAST, DAST, SCA, IAST, and Pen Testing and operationalize security tools for integration with CI / CD.
• Perform application testing and review security test results from scans and penetration testing to identify viable vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.
• Develop security controls and processes for products and services developed and deployed for both on-prem and cloud environments.
• Perform threat modeling, conduct security architecture reviews and provide training to architects and developers to enhance adoption of secure coding practice within the product development lifecycle.
• Provide security related coaching and expertise to drive and elevate security expertise within the development teams.
• Lead security innovation and best practices in product development through collaboration and learning from industry professionals and consortiums

Qualifications and Education Requirements :

• Bachelor’s Degree in Information Technology or the equivalent combination of education, training or experience
• 8 years or more experience in the field of cybersecurity and / or application security
• Expert knowledge in security best practices, principles and common security frameworks such as OWASP, NIST and ISO
• Experience building secure software based on frameworks such OWASP ASVS, BSIMM, or NIST SSDF
• Experience in software development including Java, Python, .Net, and scripting languages
• Knowledge of secure architecture and design patterns for Web, Mobile and Microservices
• Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
• Experience securing cloud infrastructure and applications
• Experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis and penetration testing.
• Advanced organizational, planning and time management skills
• Advanced communication, presentation and analytical skills
• Desired : Advanced degree in Information Technology, or the equivalent combination of education, training or experience
• Desired : CISSP, CISM or other related Information Security certifications

Hours : Monday - Friday, 8 : 00am - 4 : 30pm

Location : 820 Follin Lane, Vienna, VA 22180 5550 Heritage Oaks Dr Pensacola, FL 32526 141 Security Dr. Winchester, VA 22602 Remote

The specific logistics for returning to campus will be determined at a future date by individual leadership

Salary : Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain

competitive. You are paid within the salary range, based on your experience, location and market position.

The salary range for this position is : $95,600 to $163,500 Annual Salary #LI-Remote

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans.

EOE / AA / M / F / Veteran / Disability

COVID-19 Vaccine Information

As a COVID-19 safety measure, our employees must either provide proof of COVID-19 vaccination or follow additional safety protocols, including testing.

Disclaimer

Navy Federal reserves the right to fill this role at a higher / lower grade level based on business need. An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Last updated : 2022-06-21