Senior Product Security Engineer

Overview

To embed security seamlessly into the product development lifecycle. Work with development and engineering teams across the enterprise to enhance the security of our applications through automation, security reviews, and DevSecOps best practices. Collaborate with NFCU teams and vendors to determine security requirements and support or automate security across all phases of product integration, operations, and maintenance to ensure a secure Navy Federal environment. Work under minimal supervision and use complete understanding of business needs and objectives to support projects that have impact on the achievement of operational goals. Advanced skill set and proficiency with procedures and techniques.

Responsibilities

• Guide the integration of security best practices into product design and engineering efforts as well as software development lifecycles (SDLC)
• Support development teams with secure code reviews and other assessments to identify security weaknesses and vulnerabilities
• Support and maintain the Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application and data to align with application security maturity model and adopt a shift-left approach for security
• Conduct application security reviews, including code reviews, threat modeling, and static and dynamic analysis
• Implement automated security controls as part of CICD pipelines
• Identify and develop relevant security controls and processes for products and services developed and deployed across Navy Federal on-prem and cloud environments
• Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices
• Build working relationships with team members and subject matter experts
• Lead small projects and initiatives

Qualifications

• Bachelor's Degree in Computer Science or the equivalent combination of education, training or experience
• 5-7 years of experience in security engineering
• Complete knowledge and understanding of business area/specialization
• Advanced skill with application security and software development in one or more programming languages such as C#, Java, Python, etc.
• Experience with security tools such as SAST, DAST, IAST, SCA and other security tools
• Advanced knowledge of industry-standard security frameworks such as OWASP, NIST, BSIMM etc.
• Experience with CICD pipeline, security tools integration and secure SDLC
• Experience collaborating with cross functional engineering and product teams to scale secure SDLC
• Advanced knowledge of secure architecture and design patterns for Web, Mobile and Microservices
• Advanced knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
• Advanced skill using methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180 | 5510 Heritage Oaks Drive, Pensacola, FL 32526 | 141 Security Drive, Winchester, VA 22602

About Us
Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.

Our approach to careers is simple yet powerful: Make our mission your passion.

Best Companies for Latinos to Work for 2024

Computerworld Best Places to Work in IT

Forbes 2025 America's Best Large Employers

Forbes 2024 America's Best Employers for New Grads

Forbes 2024 America's Best Employers for Tech Workers

Fortune Best Workplaces for Millennials 2024

Fortune Best Workplaces for Women 2024

Fortune 100 Best Companies to Work For 2025

Military Times 2024 Best for Vets Employers

Newsweek Most Loved Workplaces

2024 PEOPLE Companies That Care

Ripplematch Recruiting Choice Award

Yello and WayUp Top 100 Internship Programs

From Fortune . 2025 Fortune Media IP Limited. All rights reserved. Used under license. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union.

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected Veteran.

Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team's discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position

Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.