Senior Information Security Analyst (Application Security)

  • Location: FL Pensacola - GPO
  • Full/Part Time: Full-Time
  • Regular/Temporary: Regular

Job Description

Employee Perks

Why You Will Love Being Part of the Navy Federal Team:

*Competitive compensation with opportunities for annual raises, promotions, and bonus potential
*Best-in-Class Benefits! (7% 401k match / Pension plan / Tuition reimbursement / Great insurance options)
*On-site amenities include fitness center, wellness center, cafeteria, etc. at Pensacola, FL; Vienna, VA and Winchester, VA campuses
*Consistently Awarded Top Workplace
*Training department nationally recognized by TRAINING Magazine
*An employee-focused, diverse, and service-oriented workplace environment

Basic Purpose

Work with central information protection and application development experts to collaboratively define the baseline security requirements, security architecture, and engineering standards and guidelines that deliver secure architecture and design. Audit existing application code and recommend industry best practices in the area, and analyze multiple instances of vulnerability patterns that can be traced to single root causes in order to eliminate existing risks. Conduct audits of production and production-copy systems for potential data access violations. Perform security penetration and vulnerability testing against high-risk applications and information classifications. Perform project reviews (ISPR) and develop project review methodologies and guidelines. Ensure that the application security controls in place are adequate, or identify those that require improvement. Provide security consulting services to other application and IT teams. Support application security initiatives to ensure that software applications do not pose information risk to the company.

Required Knowledge, Skills and Abilities:

•    Expertise in application security and the ability to perform assessments using tools such as HP Fortify, WebInspect, Nessus, Nexpose, Burp Suite, and open-source tools
•    Perform Static Application Security Testing (SAST), validate findings, assess risk, provide recommendations, and work with application/system owners in remediation efforts 
•    Act as an essential team member of the application security team and support various efforts in IAST and penetration testing 
•    Define, maintain, and enforce application security best practices throughout the SDLC 
•    Research threats and attack vectors that impact applications and infrastructure and stay up-to-date with current application security threats 
•    Research additional application security related tools, conduct tool analysis, and provide recommendations on what tools will enhance security capabilities
•    Provide guidance to developers and other relevant team members on secure coding standards
•    Experience in security assessment following OWASP, PCI-DSS, GLBA, and other financial industry standards
•    Proficient in current and emerging threats and industry frameworks for vulnerability analysis and reporting
•    Strong verbal, written, and interpersonal skills
•    Demonstrate ethical behavior, the ability to recognize and deal appropriately with confidential and sensitive information, and maintain the highest levels of confidentiality
•    Application threat modelling experience

Desired:
•    Bachelor's Degree in Computer Science, Information Technology, or related field
•    Programming experience in Java and/or .NET
•    Ability to reverse engineer code
•    Strong knowledge of the financial services industry
•    Information security certifications such as OSCP, GWAPT, or CISSP   

Hours:  
Monday through Friday, 8:00 am - 4:30 pm

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace.  Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans.  EOE/AA/M/F/Veteran/Disability