Navy Federal Credit Union

Senior Product Security Engineer

Navy Federal Credit Union: $100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree in Information Technology or equivalent experience
  • 6+ years in cybersecurity/application security
  • Hands-on with cloud security posture and workload protection tools
  • Experience in AI security tooling and practices
  • Advanced knowledge of security frameworks like OWASP and NIST
  • Proficiency in programming languages such as Java, Python, .NET
  • Advanced understanding of secure architecture for various platforms (Web, Mobile, Microservices, AI)

Responsibilities

  • Provide security architecture expertise for cloud solutions
  • Secure diverse business applications within cloud infrastructures
  • Collaborate to establish cloud security standards and controls
  • Translate security requirements into automated guardrails
  • Design continuous security monitoring practices
  • Act as a security consultant in project meetings
  • Lead cloud security automation efforts and manage compliance reporting

Benefits

  • Flexible work hours within a standard schedule
  • Opportunities for professional development and learning
  • Dynamic team environment focused on innovation
  • Exposure to cutting-edge security technologies
  • Support for remote working in various locations

Full Job Description

Come join the Exposure Defense & Monitoring team within Navy Federal's Product Security Group. In this role, you will deliver on a dynamic team responsible for security testing, continuous threat discovery and exposure management of Navy Federal cloud workloads, driving the embedding of security seamlessly into the product development lifecycle for cloud applications and environments. Serve as a technical interface and subject matter expert working with development teams on securing cloud infrastructure and workloads by designing, implementing, and operationalizing capabilities. Support the implementation of continuous security monitoring practices along with threat and vulnerability prevention, detection, and response capabilities on cloud assets. Works independently under limited supervision and/or in a team environment.

Responsibilities

  • Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack of all major cloud architectures, to include IaaS, PaaS, and SaaS
  • Secure business applications and computing environments across public, private or hybrid cloud infrastructures
  • Collaborate with dependent teams to develop cloud security standards and AI security guardrails, and integrate controls for hardening infrastructure, infrastructure as code, CI/CD pipelines, containers, applications, agentic AI and more
  • Strong understanding of the Shared Security Responsibility matrix as it relates to SaaS security risks
  • Translate security policies and standards into machine-readable, automated guardrails using cloud-native, open source, custom scripting, and commercial security tools
  • Design and implement continuous monitoring practices to verify security properties at runtime with continuous feedback to teams responsible for triage, defect tracking, and remediation workflows
  • Attend regular technical project and implementation meetings, and serve as the security consultant to help guide secure application and infrastructure configurations
  • Implement cloud security automation such as cloud security posture management (CSPM), cloud workload protection capabilities (CWPP), and SaaS Security Posture Management (SSPM)
  • Partner with TPRM to ensure SaaS onboarding includes security requirements, SaaS security assessments to include AI security requirements, and evidence that controls are functioning
  • Develop and implement monitoring and contextual incident response alerting patterns targeting cloud infrastructure, SaaS applications, AI-specific telemetry and runtime assets for the security operations center, including integration with SIEM/SOAR technologies
  • Manage remediation efforts to support Information Security assessments and reporting metrics to reflect overall security compliance and security health to senior leadership across SaaS, IaaS and PaaS
  • Support definition of a Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application and data, to align with the application security maturity model and adopt a shift-left approach for security
  • Lead security innovation and best practices in product development through collaboration and learning from industry professionals and consortiums
  • Perform other duties as assigned

Qualifications

  • Bachelor's Degree in Information Technology or the equivalent combination of education, training or experience
  • 6 years or more experience in the field of cybersecurity and/or application security
  • Experience implementing cloud security posture management, workload protection, cloud-native application protection platform, and SaaS security posture management tools (e.g. Defender for Cloud, Obsidian Security, Adaptive Shield, AppOmni, Prisma Cloud, Orca Security, Wiz.io)
  • Experience with cloud security analysis and design techniques
  • Experience with cloud security practices and procedures, including risk assessment, authentication technologies, security monitoring, runtime defenses, and security attack patterns and practices
  • Experience evaluating and deploying AI security tooling
  • Advanced knowledge in security best practices, principles, and common security frameworks such as OWASP, NIST and ISO
  • Experience building secure software based on frameworks such as OWASP ASVS, BSIMM, or NIST SSDF
  • Experience in software development including Java, Python, .NET, and scripting languages
  • Advanced knowledge of secure architecture and design patterns for Web, Mobile, Microservices, and AI
  • Advanced knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
  • Working knowledge of AI/ML security frameworks and standards including OWASP LLM Top 10, OWASP ML Top 10, MITRE ATLAS, and NIST AI RMF
  • Experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis and penetration testing
  • Advanced organizational, planning and time management skills
  • Advanced communication, presentation and analytical skills

Additional Information

Hours:

  • Monday - Friday, 8:00AM - 4:30PM

Locations:

  • 820 Follin Lane, Vienna, VA 22180
  • 5550 Heritage Oaks Drive, Pensacola, FL 32526
  • 141 Security Dr., Winchester, VA 22602

About Navy Federal Credit Union

Navy Federal Credit Union is a credit union that serves members of the military and their families. The credit union offers a range of financial products and services, including checking and savings accounts, loans, and credit cards. Navy Federal Credit Union was founded in 1933 and is headquartered in Vienna, Virginia. The credit union has more than 9 million members and operates more than 300 branches across the United States and around the world.

Size: 18,000 employees
Founded: 1933