Senior Product Security Engineer

Overview

Navy Federal Credit Union currently does not provide sponsorship for this role. Applicants must be authorized to work in the United States without the need for current or future sponsorship.

Come join the Exposure Defense & Monitoring team within Navy Federal's Product Security Group. In this role, you will deliver on a dynamic team responsible for security testing, continuous threat discovery and exposure management of Navy Federal cloud workloads. To drive embedding security seamlessly into the product development lifecycle for cloud applications and environments. Serve as a technical interface and subject matter expert working with development teams on securing cloud infrastructure and workloads by designing, implementing, and operationalizing capabilities. Support the implementation of continuous security monitoring practices along with threat and vulnerability prevention, detection, and response capabilities on cloud assets. Works independently under limited supervision and/or in a team environment.

Responsibilities

• Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack of all major cloud architectures, to include IaaS, PaaS, and SaaS
• Secure Business applications and computing environments across public, private or hybrid cloud infrastructures.
• Collaborate with dependent teams to develop cloud security standards, AI security guardrails and integrate controls for hardening infrastructure, hardening infrastructure as code, hardening CI/CD pipelines, hardening containers, applications, agentic ai and more.
• Strong understanding of the Shared Security Responsibility matrix as it relates to SaaS Security risks
• Translate security policies and standards into machine-readable, automated guardrails using cloudnative, open source, custom scripting, and commercial security tools
• Design and implement continuous monitoring practices to verify security properties at runtime with continuous feedback to teams responsible for triage, detect tracking, and remediation workflows
• Attend regular technical project and implementation meetings, and serve as the security consultant to help guide secure application and infrastructure configurations.
• Implement cloud security automation such as cloud security posture management (CSPM) and cloud workload protection capabilities (CWPP), SaaS Security Posture Management (SSPM)Partner with TPRM to ensure SaaS onboarding includes security requirements, SaaS security assessments to include AI security requirements and evidence that controls are functioning
• Develop and implement monitoring and contextual incident response alerting patterns targeting cloud infrastructure, SaaS applications, AI-Specific telemetry and runtime assets for the security operations center, including integration with SEIM/SOAR technologies
• Manage remediation efforts to support Information Security assessments and reporting metrics to reflect overall security compliance and security health to senior leadership across SaaS, IaaS and PaaS.
• Support definition of Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application and data to align with application security maturity model and adopt a shift-left approach for security
• Lead security innovation and best practices in product development through collaboration and learning from industry professionals and consortiums
• Perform other duties as assigned

Qualifications

• Bachelor's Degree in Information Technology or the equivalent combination of education, training or experience
• 6 years or more experience in the field of cybersecurity and/or application security
• Experience implementing cloud security posture management, workload protection, and cloudnative application protection platform tools, and SaaS security posture management (e.g. Defender for Cloud, Obsidian Security, Adaptive Shield, AppOmni, Prisma Cloud, Orca Security, Wiz.io)
• Experience with cloud security analysis and design techniques
• Experience with cloud security practices and procedures, including risk assessment, authentication technologies, security monitoring, runtime defenses, and security attack patterns and practices
• Experience evaluating and deploying AI security tooling
• Advanced knowledge in security best practices, principles, and common security frameworks such as OWASP, NIST and ISO
• Experience building secure software based on frameworks such OWASP ASVS, BSIMM, or NIST SSDF
• Experience in software development including Java, Python, .NET, and scripting languages
• Advanced knowledge of secure architecture and design patterns for Web, Mobile, Microservices, and AI design patterns
• Advanced knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
• Working knowledge of AI/ML security frameworks and standards including OWASP LLM top 10, OWASP ML top 10, MITRE ATLAS, and NIST AI RMF.
• Experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis and penetration testing.
• Advanced organizational, planning and time management skills
• Advanced communication, presentation and analytical skills

Additional Information

Hours:

• Monday - Friday, 8:00AM - 4:30PM

Locations:

• 820 Follin Lane, Vienna, VA 22180
• 5550 Heritage Oaks Drive, Pensacola, FL 32526
• 141 Security Dr. Winchester, VA 22602

About Us
Navy Federal provides much more than a job. We provide a meaningful career experience, including a culture that is energized, engaged and committed; and fierce appreciation for our teams, who are rewarded with highly competitive pay and generous benefits and perks.

Our approach to careers is simple yet powerful: Make our mission your passion.

FORTUNE 100 Best Companies to Work For 2026

Yello and WayUp Top 100 Internship Programs 2025

Computerworld Best Places to Work in IT 2026

Most Loved Workplace - America's Top Most Loved Workplaces 2025

2025 PEOPLE Companies That Care

Newsweek Most Trustworthy Companies in America 2026

Military Times 2025 Best for Vets Employers

Forbes 2026 America's Best Large Employers

Forbes 2025 America's Best Employers for New Grads

Forbes 2025 America's Best Employers for Tech Workers

2025 RippleMatch Campus Forward Award Winner for Overall Excellence

Military.com Top Military Spouse Employers 2025

2026 Handshake Early Talent Award

Newsweek America's Greatest Workplaces for Culture, Belonging and Community 2026

From Fortune Magazine. 2026 Fortune Media IP Limited. All rights reserved. Used under license. Fortune and Fortune 100 Best Companies to Work For are registered trademarks of Fortune Media IP Limited and are used under license. Fortune Magazine, Fortune Media (USA) Corporation, and its affiliates are not affiliated with, and do not endorse products or services of, Navy Federal Credit Union.

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to age, race, sex, color, religion, national origin, disability, veteran status, pregnancy, sexual orientation, genetic information, gender identity or any other basis protected by applicable law.

Accommodations: If you need accommodation or assistance for a qualifying condition to complete the online application (or during any stage of the hiring process), you can contact Navy Federal's Medical Accommodations team at or by calling 1-. This team cannot provide any information on job postings or application status.

Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team's discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position. For additional details regarding compensation and benefits, review the Benefits page of the Navy Federal Career Site.

Protect Yourself from Job Scams: Navy Federal Credit Union jobs are posted on our career site, jobs.navyfederal.org and reputable job boards (e.g., LinkedIn, Indeed). We do not post jobs on social media marketplaces, messaging apps or unverified websites. We will never ask candidates for payment, bank details or personal financial information during the hiring process.

Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.