Navy Federal Credit Union

Senior Product Security Engineer

Navy Federal Credit Union$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree in Information Technology or equivalent experience
  • 6+ years in cybersecurity or application security
  • Experience with cloud security tools like Defender for Cloud and Prisma Cloud
  • Proficient in cloud security analysis and design techniques
  • Knowledge of modern authentication technologies and security practices
  • Familiarity with AI security tooling and frameworks
  • Understanding of OWASP, NIST, and ISO security standards

Responsibilities

  • Provide expertise on secure architecture and design practices
  • Secure business applications across cloud infrastructures
  • Collaborate to develop and integrate cloud security standards
  • Translate security policies into automated guardrails
  • Design continuous monitoring practices for security verification
  • Serve as a security consultant in technical meetings
  • Implement cloud security automation and posture management

Benefits

  • Flexibility in work hours
  • Potential for professional development opportunities
  • Collaboration within a dynamic security team
  • Opportunity to work with cutting-edge technology
  • Support from leadership in secure application development
Full Job Description
Job Description

Navy Federal Credit Union currently does not provide sponsorship for this role. Applicants must be authorized to work in the United States without the need for current or future sponsorship.

Come join the Exposure Defense & Monitoring team within Navy Federal's Product Security Group. In this role, you will deliver on a dynamic team responsible for security testing, continuous threat discovery and exposure management of Navy Federal cloud workloads. To drive embedding security seamlessly into the product development lifecycle for cloud applications and environments. Serve as a technical interface and subject matter expert working with development teams on securing cloud infrastructure and workloads by designing, implementing, and operationalizing capabilities. Support the implementation of continuous security monitoring practices along with threat and vulnerability prevention, detection, and response capabilities on cloud assets. Works independently under limited supervision and/or in a team environment.

Responsibilities

  • Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack of all major cloud architectures, to include IaaS, PaaS, and SaaS
  • Secure Business applications and computing environments across public, private or hybrid cloud infrastructures.
  • Collaborate with dependent teams to develop cloud security standards, AI security guardrails and integrate controls for hardening infrastructure, hardening infrastructure as code, hardening CI/CD pipelines, hardening containers, applications, agentic ai and more.
  • Strong understanding of the Shared Security Responsibility matrix as it relates to SaaS Security risks
  • Translate security policies and standards into machine-readable, automated guardrails using cloudnative, open source, custom scripting, and commercial security tools
  • Design and implement continuous monitoring practices to verify security properties at runtime with continuous feedback to teams responsible for triage, detect tracking, and remediation workflows
  • Attend regular technical project and implementation meetings, and serve as the security consultant to help guide secure application and infrastructure configurations.
  • Implement cloud security automation such as cloud security posture management (CSPM) and cloud workload protection capabilities (CWPP), SaaS Security Posture Management (SSPM)Partner with TPRM to ensure SaaS onboarding includes security requirements, SaaS security assessments to include AI security requirements and evidence that controls are functioning
  • Develop and implement monitoring and contextual incident response alerting patterns targeting cloud infrastructure, SaaS applications, AI-Specific telemetry and runtime assets for the security operations center, including integration with SEIM/SOAR technologies
  • Manage remediation efforts to support Information Security assessments and reporting metrics to reflect overall security compliance and security health to senior leadership across SaaS, IaaS and PaaS.
  • Support definition of Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application and data to align with application security maturity model and adopt a shift-left approach for security
  • Lead security innovation and best practices in product development through collaboration and learning from industry professionals and consortiums
  • Perform other duties as assigned


Qualifications

  • Bachelor's Degree in Information Technology or the equivalent combination of education, training or experience
  • 6 years or more experience in the field of cybersecurity and/or application security
  • Experience implementing cloud security posture management, workload protection, and cloudnative application protection platform tools, and SaaS security posture management (e.g. Defender for Cloud, Obsidian Security, Adaptive Shield, AppOmni, Prisma Cloud, Orca Security, Wiz.io)
  • Experience with cloud security analysis and design techniques
  • Experience with cloud security practices and procedures, including risk assessment, authentication technologies, security monitoring, runtime defenses, and security attack patterns and practices
  • Experience evaluating and deploying AI security tooling
  • Advanced knowledge in security best practices, principles, and common security frameworks such as OWASP, NIST and ISO
  • Experience building secure software based on frameworks such OWASP ASVS, BSIMM, or NIST SSDF
  • Experience in software development including Java, Python, .NET, and scripting languages
  • Advanced knowledge of secure architecture and design patterns for Web, Mobile, Microservices, and AI design patterns
  • Advanced knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
  • Working knowledge of AI/ML security frameworks and standards including OWASP LLM top 10, OWASP ML top 10, MITRE ATLAS, and NIST AI RMF.
  • Experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis and penetration testing.
  • Advanced organizational, planning and time management skills
  • Advanced communication, presentation and analytical skills

Additional Information

Hours:
  • Monday - Friday, 8:00AM - 4:30PM

Locations:
  • 820 Follin Lane, Vienna, VA 22180
  • 5550 Heritage Oaks Drive, Pensacola, FL 32526
  • 141 Security Dr. Winchester, VA 22602


About Navy Federal Credit Union

Navy Federal Credit Union is a credit union that serves members of the military and their families. The credit union offers a range of financial products and services, including checking and savings accounts, loans, and credit cards. Navy Federal Credit Union was founded in 1933 and is headquartered in Vienna, Virginia. The credit union has more than 9 million members and operates more than 300 branches across the United States and around the world.
Learn more about Navy Federal Credit Union
Size
18,000 employees
Industry
Founded
1933

Similar Jobs

More Jobs at Navy Federal Credit Union

More Information Technology Jobs

Find similar Senior Product Security Engineer jobs: