This job posting is no longer active

Information Security Engineer (AppSec Team)

Location: VA Vienna - Headquarters Full/Part Time: Full-Time Regular/Temporary: Regular

Job Description


You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us
We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen.

Don’t take our word for it.

  • FORTUNE 100 Best Companies to Work For®
  • Computerworld® Best Places to Work in IT
  • FORTUNE® Best Workplaces for Millennials
  • Forbes® America’s Best Employers


Basic Purpose

Join a team delivering on a mission to advance and mature Navy Federal’s cloud resilience and DevSecOps strategy. A key member of the Secure Innovation & Resiliency (SIR) team, this team member will design, implement, and operationalize capabilities for securing cloud infrastructure and workloads. The successful team member will support the implementation of continuous monitoring practices along with threat and vulnerability discovery capabilities targeting cloud assets. Experience with modern software delivery infrastructure, agile, and/or cloud technology is preferred.


•    Designs, implements, supports and maintains operational security policies and security solutions based on security standards and best practices. Understands the cloud threat landscape and analyzes technical designs and architectures using threat modeling techniques to uncover security risks. Participates in reviewing and analyzing internal projects that may have an impact on security concerns such as identity and access management, secrets management, data protection, configuration management, and infrastructure security. Coordinates with and supports information security efforts and provides guidance on cloud security risks and vulnerabilities.
•    Turns cloud focused policies and standards into automated guardrails using automation and cloud-native security tools. Designs and implements continuous monitoring practices to enforce guardrails. Builds preventive feedback loops to development teams and continuous improvement processes. Implements cloud security posture management and workload protection capabilities. 
•    Develops and implements monitoring and alerting capabilities for security operations and incident response teams. Implements weekly reporting automation to reflect overall cloud compliance and cloud security health and hygiene to senior leadership.
•    Supports a build security in philosophy of risk prevention and cloud resiliency through proactive security awareness training, early lifecycle integration, and continuous security activity. 
•    Participates in new technology evaluations and implementations of information security systems. Researches and evaluates impact of the implementation of new security measures, systems and technologies into the corporate infrastructure, ensuring security best practices are met. Maintains cloud security knowledge by investigating new state-of-the-art technologies and methodologies, attending educational workshops, reviewing technical publications, performing technical hands-on evaluations and making recommendations to Information Security management. Maintains technical certifications in enterprise-wide information security competencies, security architecture, cloud security, and tools development languages.
•    Participates in the design and development of training for technical staff on information security technologies, methodologies, and best practices. Participates in the development of maintenance of formal documentation and procedures for information and cloud security architecture.
•    Performs other related duties as assigned

Qualifications and Education Requirements:

•    Degree in related area or combination of military and/or job experience and certifications
•    Minimum of 7 years of experience that demonstrates knowledge and skill of information security technology
•    Experience that demonstrates knowledge of cloud security analysis and threat modeling techniques
•    Experience that demonstrates knowledge of data security practices and procedures, including risk assessment, authentication technologies, and security attack patterns and defenses
•    Experience with one or more cloud platforms 
•    Experience in project planning and resource management
•    Effective planning and organizational skills
•    Effective research, analytical and problem solving skills
•    Effective verbal, written and interpersonal communication skills, including skill in negotiating and persuading others
•    Ability to present findings and conclusions clearly and concisely
•    Knowledge of NCUA and FFIEC regulations, GLBA, PCI, and other information security requirements and frameworks

Desired Qualifications and Education Requirements:

•    Bachelor Degree in business, information systems or related field
•    CISSP, CISA CCSP or other Information Security certifications
•    Microsoft Azure AZ-500 certification
•    Knowledge of Navy Federal operations
•    Strong knowledge of the financial services industry

Hours: Monday - Friday, 8:00am - 4:30pm

Location: 820 Follin Lane, Vienna, VA 22180

*Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadership* 

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace.  Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans.  EOE/AA/M/F/Veteran/Disability


Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need.
An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.


Employee Referrals

This position is eligible for the TalentQuest employee referral program. Please indicate the employee who referred you when applying.