Work with central information protection and application development experts to collaboratively define the baseline security requirements, security architecture, and engineering standards and guidelines that deliver secure architecture and design. Conduct audits of existing application code and recommend industry best practices in the area, and analyze multiple instances of vulnerability patterns that can be traced to single root causes in order to eliminate existing risks. Conduct audits of production and production-copy systems for potential data access violations. Perform security penetration and vulnerability testing against high-risk applications and information classifications. Perform project reviews (ISPR) and develop project review methodologies and guidelines. Ensure existing application security controls are adequate, or identify those that require improvement. Provide security consulting services to other application and IT teams. Support application security initiatives to ensure that software applications do not pose information risk to the company.
Required Knowledge, Skills and Abilities:
Expertise in application security and the ability to perform assessments using tools such as HP Fortify, WebInspect, Nessus, Nexpose, Burp Suite, and open source tools
Perform Static Application Security Testing (SAST), validate findings, assess risk, provide recommendations, and work with application/system owners in remediation efforts
Act as an essential team member of the application security team and support various efforts in IAST and penetration testing
Define, maintain, and enforce application security best practices throughout the SDLC
Research threats and attack vectors that impact applications and infrastructure and stay up-to-date with current application security threats
Research additional application security related tools, conduct tool analysis, and provide recommendations on what tools will enhance security capabilities
Provide guidance to developers and other relevant team members on secure coding standards
Experience in security assessment following OWASP, PCI-DSS, GLBA, and other financial industry standards
Proficient in current and emerging threats and industry frameworks for vulnerability analysis and reporting
Strong verbal, written, and interpersonal skills
Demonstrate ethical behavior, the ability to recognize and deal appropriately with confidential and sensitive information, and maintain the highest levels of confidentiality
Application threat modelling experience
Bachelor's Degree in Computer Science, Information Technology, or related field
Programming experience in Java and/or .NET
Ability to reverse engineer code
Strong knowledge of the financial services industry
Information security certifications such as OSCP, GWAPT, or CISSP
Hours: Monday through Friday, 8:00 am - 4:30 pm
Equal Employment Opportunity
Navy Federal Credit Union values, celebrates and enacts diversity in the workplace. EOE/AA/M/F/V/D
Employer will assist with relocation costs.
About Navy Federal Credit Union
Navy Federal, the world’s largest credit union, is looking for motivated, enthusiastic employees to help us deliver our world-class service to our 3.3 million members around the globe.
We offer employees a career, not just a job. A career at Navy Federal provides both stability and the opportunity to learn, develop and grow with us. Openings are available at our corporate headquarters in Vienna, Virginia; our Pensacola, Florida campus and our network of worldwide branches.
Our 7,000+ employees enjoy competitive salaries and a wide range of benefits:
Financial planning and retirement plans
Employee incentive programs
Navy Federal's workplace is a smoke-free environment, including buildings, grounds and parking areas.
EOE M/F/D/V - This is a drug- and smoke-free workplace.