Review, interpret, and provide guidance related to security frameworks (i.e. NIST, ISO, PCI). Identify information security risks associated with IT and business initiatives impacting information assets and business operations. Provide security consultation, guidance and requirements to IT application and infrastructure leaders, business sponsors and 3rd party business partners.
Perform, or review, technical security assessments of computing environments or software to identify points of vulnerability, non-compliance with established Information Security standards, and recommend mitigation strategies. Collaboratively define baseline security standards and requirements that lead to secure architecture and engineering solutions. Validate and verify security requirements based on established Information Security standards. Assist enterprise architects and software developers in the identification and implementation of appropriate information security controls. We are looking for focuses of knowledge and assessment on software/code or infrastructure, to include cloud or data center.
Required, Desired Knowledge, Skills and Abilities:
• Expertise in performing technical risk evaluations of operating systems, network designs, application and vulnerability assessments and compliance assessments. • Expertise in security policy creation and lifecycle management, auditing methodology, and technology risk assessments. • Experience with assessing and implementing technical controls for software development or infrastructure. • Experience in code analysis, static and dynamic, of .NET/JAVA/SWIFT based applications. • Experience with application testing tools such as WebInspect/Burp and others. • Experience with mobile application security assessments. • Experience with physical and/or cloud infrastructure assessments. • Experience with current and emerging threats and industry frameworks for vulnerability analysis and reporting. • Working knowledge of applications and systems hardening principles and practices. • Working knowledge of Microsoft, Linux and Unix security engineering principals. • Working knowledge of Cloud technologies and security principals. • Working knowledge of Network principles specifically around firewalls, proxies, load balancers and cloud networking. • Strong verbal, written, and interpersonal skills.
Desired: • Bachelor's Degree in Computer Science, Information Security or related field • Information Security certifications(CISSP, CEH, MCSE) • Knowledge of the financial services industry • Strong influence skills, the ability to network and build consensus
Hours: Monday-Friday, 8:00AM-4:30PM
About Navy Federal Credit Union
At Navy Federal our culture is rooted in our Guiding Principles of Service, Commitment and Integrity. We believe that it is an honor and privilege to serve our members and provide them outstanding products and services. That is why we offer our employees a career, not just a job.
Our employee total rewards package includes competitive salaries, incentive programs, comprehensive benefits, retirement plans with employer match, award-winning training programs, professional development programs, tuition assistance and paid leave.
We have large campuses in Vienna and Winchester, Virginia; Pensacola, Florida; and San Diego, California, with over 290 branches around the world.
Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability?