Manager, Global Application Security

Location: VA Vienna - Headquarters
Full/Part Time: Full-Time
Regular/Temporary: Regular

Job Description


You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us
We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen.

Don’t take our word for it.

  • FORTUNE 100 Best Companies to Work For®
  • Computerworld® Best Places to Work in IT
  • FORTUNE® Best Workplaces for Millennials
  • Forbes® America’s Best Employers
  • PEOPLE® Companies That Care


Basic Purpose

To plan, build and run NFCU’s Software Security Group (SSG). This thought leader will help ensure NFCU’s in-house developed software is secure while enabling developers and business units to build and release at their own pace.


• Lead application security strategy and implementation
   o Applying enterprise-wide thought leadership to build out and execute our global application security program strategy
   o Embed software security best practices into the SDLC while reducing friction and dependencies on Information Security by enabling the development organization
   o Plan, implement and track key initiatives focused on product / application security strategy, metrics, compliance, policy, developer awareness, training and stakeholder engagement.
   o Lead a team of technical experts who partner with IT (ISD) and business teams in releasing software that meets the organization’s security and compliance requirements
   o Effective management of projects or issues of high complexity and visibility, requiring an individual who can quickly think on their feet, challenge the status quo, and rapidly move from ideation to delivery, working across multiple organizations, countries and cultures.
   o Lead a team of high performing individuals who create remediation plans, perform security reviews, and recommend security solutions to meet current and future needs for NFCU products and applications.
   o Demonstrate an ability to influence all project and portfolio stakeholders; communicate relevant security information to both executive leaders and individual contributors in an effective manner.
   o Create and provide leadership to an effective security champion program embedded in development teams
   o Play a key role in maturing and automating application security testing processes
   o Actively guide the application development teams to help them comply with published Policies and Standards
   o Provide input into the Information Security strategy to ensure that future security investments are aligned appropriately when considering key priorities such as business requirements, industry threat landscape, and risk appetite
   o Drive the development and implementation of standard security review processes that result in effective methods for reducing security risks before product releases.
   o Influence all project and portfolio stakeholders; communicate relevant security information to both executive leaders and individual contributors in an effective manner.
   o Run project budgets and scope as well as conduct resource planning for risks that are proactively identified
• Drive application security awareness through the organization
   o Communicate security directives to all employees including but not limited to Team Members, Leadership and Executives when required.
   o Work closely with multiple teams that make up Information Security, IT (ISD), Product Management, Engineering, Legal, Risk and Compliance to improve product / application security controls and drive impactful change to the team and its members
   o Develop and lead the evangelization of an application security strategy to support strategic initiatives in application modernization, DevSecOps, and public cloud adoption
• Act as a subject matter expert for application security needs
   o Partner with architects and application development teams in secure software design and development
   o Provide technical guidance to developers on writing code securely and remediating software security weaknesses
   o Apply knowledge of software security and application development industry trends and technology to align the requisite software security practices with modern development methodologies
   o Partner with technology, product development and business leaders to promote security awareness and integration of security into the product lifecycle
   o Evaluate, design and implement testing processes that accurately identify and track remediation of software security weaknesses
   o Aid in the automation of implementing security controls within the development lifecycle
• Perform supervisory/managerial responsibilities
   o Ensure adequate/skilled staffing; select employees
   o Establish performance goals and priorities
   o Prepare, conduct and review performance appraisals
   o Develop, mentor and counsel staff
   o Provide input and/or prepare budget requirements for Annual Financial Plan (AFP)
   o Ensure section/business unit goals and objectives align with division/department strategy
   o Ensure efficiency of operations
   o Leadership Level – Supervise daily activities
• Perform other duties as assigned

Qualifications and Education Requirements:

• Thought leader in application security
• 7+ years of application development experience in languages such as Java, C, .NET, and Ruby
• Solid understanding of Secure DevOps methodologies and previous experience driving adoption and implementation of security practices within DevOps environments
• Previous experience working with agile teams
• Familiarity with key software security frameworks and maturity models (e.g. BSIMM, OpenSAMM, OWASP)
• Good verbal, written, and interpersonal communication skills
• Ability to evangelize, sell, and influence
• Proven experience building, leading, motivating, growing, and mentoring a team of engineers and security practitioners
• Secure SDLC methodologies experience
• Working knowledge of SAST, DAST, IAST, RASP and WAF.
• Working knowledge of public cloud service providers (e.g. Azure, AWS, GCP)
• Ability to identify and manage complex issues and negotiate solutions
• Demonstrated experience handling the demand/supply of project and program resources and tracking allocation.

Desired Qualifications and Education Requirements:

• Experience in application security consulting
• Application security experience in the banking / financial services industry
• Hands-on experience with common defensive programming techniques
• MBA and/or CISM, CISSP preferred
• B.S. in Computer Science (with focus on information security), or a related field. M.S. preferred
• 8-12 years of experience leading and developing teams focused in the areas of Security Architecture, Secure Development Lifecycle Management, Application Security in web and mobile, Cloud Security, Risk and Compliance; should include comprehensive experience as a business/process leader or as a leader in an IT role
• Demonstrated experience leading direct reports, as well as teams within large cross functional projects
• Consistent record of being results-oriented with demonstrated ability to achieve bold goals.
• Extraordinary communication skills, including the ability to gather relevant data and information, actively listen, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully, and handle and resolve conflict
• Proven presentation and facilitation skills
• Demonstrated expertise in building consensus across business partners and technology leaders and influencing successful outcomes
• Must excel working in team-oriented roles that rely on ability to collaborate with others
• Experience working successfully in a highly matrixed organization

Hours: Monday - Friday, 8:00am - 4:30pm

Location: 820 Follin Lane, Vienna, VA 22180

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace.  Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans.  EOE/AA/M/F/Veteran/Disability


Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.