Senior Product Security Engineer

Navy Federal•Pensacola, FL

15h•Onsite

About The Position

Navy Federal Credit Union currently does not provide sponsorship for this role. Applicants must be authorized to work in the United States without the need for current or future sponsorship. Come join the Exposure Defense & Monitoring team within Navy Federal’s Product Security Group. In this role, you will deliver on a dynamic team responsible for security testing, continuous threat discovery and exposure management of Navy Federal cloud workloads. To drive embedding security seamlessly into the product development lifecycle for cloud applications and environments. Serve as a technical interface and subject matter expert working with development teams on securing cloud infrastructure and workloads by designing, implementing, and operationalizing capabilities. Support the implementation of continuous security monitoring practices along with threat and vulnerability prevention, detection, and response capabilities on cloud assets. Works independently under limited supervision and/or in a team environment.

Requirements

Bachelor’s Degree in Information Technology or the equivalent combination of education, training or experience
6 years or more experience in the field of cybersecurity and/or application security
Experience implementing cloud security posture management, workload protection, and cloudnative application protection platform tools, and SaaS security posture management (e.g. Defender for Cloud, Obsidian Security, Adaptive Shield, AppOmni, Prisma Cloud, Orca Security, Wiz.io)
Experience with cloud security analysis and design techniques
Experience with cloud security practices and procedures, including risk assessment, authentication technologies, security monitoring, runtime defenses, and security attack patterns and practices
Experience evaluating and deploying AI security tooling
Advanced knowledge in security best practices, principles, and common security frameworks such as OWASP, NIST and ISO
Experience building secure software based on frameworks such OWASP ASVS, BSIMM, or NIST SSDF
Experience in software development including Java, Python, .NET, and scripting languages
Advanced knowledge of secure architecture and design patterns for Web, Mobile, Microservices, and AI design patterns
Advanced knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
Working knowledge of AI/ML security frameworks and standards including OWASP LLM top 10, OWASP ML top 10, MITRE ATLAS, and NIST AI RMF.
Experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis and penetration testing.
Advanced organizational, planning and time management skills
Advanced communication, presentation and analytical skills

Responsibilities

Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack of all major cloud architectures, to include IaaS, PaaS, and SaaS Secure Business applications and computing environments across public, private or hybrid cloud infrastructures.
Collaborate with dependent teams to develop cloud security standards, AI security guardrails and integrate controls for hardening infrastructure, hardening infrastructure as code, hardening CI/CD pipelines, hardening containers, applications, agentic ai and more.
Strong understanding of the Shared Security Responsibility matrix as it relates to SaaS Security risks
Translate security policies and standards into machine-readable, automated guardrails using cloudnative, open source, custom scripting, and commercial security tools
Design and implement continuous monitoring practices to verify security properties at runtime with continuous feedback to teams responsible for triage, detect tracking, and remediation workflows
Attend regular technical project and implementation meetings, and serve as the security consultant to help guide secure application and infrastructure configurations.
Implement cloud security automation such as cloud security posture management (CSPM) and cloud workload protection capabilities (CWPP), SaaS Security Posture Management (SSPM)
Partner with TPRM to ensure SaaS onboarding includes security requirements, SaaS security assessments to include AI security requirements and evidence that controls are functioning
Develop and implement monitoring and contextual incident response alerting patterns targeting cloud infrastructure, SaaS applications, AI-Specific telemetry and runtime assets for the security operations center, including integration with SEIM/SOAR technologies
Manage remediation efforts to support Information Security assessments and reporting metrics to reflect overall security compliance and security health to senior leadership across SaaS, IaaS and PaaS.
Support definition of Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application and data to align with application security maturity model and adopt a shift-left approach for security
Lead security innovation and best practices in product development through collaboration and learning from industry professionals and consortiums
Perform other duties as assigned