Senior Cloud Security Engineer (Threat Discovery & Analysis)

Company: Navy Federal Credit Union
Location: Pensacola
Posted on: September 11, 2023

Job Description:

Overview
Come join the Threat Discovery & Analysis (TDA) team within Navy Federal's Cloud Security Group. In this role, you will deliver on a dynamic team responsible for threat modeling, security testing, and continuous threat discovery of Navy Federal cloud workloads. To drive embedding security seamlessly into the product development lifecycle for cloud applications and environments. Serve as a technical interface and subject matter expert working with development teams on securing cloud infrastructure and workloads by designing, implementing, and operationalizing capabilities. Support the implementation of continuous security monitoring practices along with threat and vulnerability prevention, detection, and response capabilities on cloud assets. Works independently under limited supervision and/or in a team environment.
Responsibilities
Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack
Leverage and develop automated techniques for continuously identifying cloud infrastructure and workload risks
Develop approaches for hardening cloud native containers starting with the build all the way through the lifecycle including the run time environment
Collaborate with dependent teams to develop cloud security standards and verify controls are implemented for hardening infrastructure, hardening infrastructure as code, hardening CI/CD pipelines, and hardening containers
Translate cloud security policies and standards into machine-readable, automated guardrails using cloud-native, open source, custom scripting, and commercial security tools
Design and implement continuous monitoring practices to verify security properties at runtime with continuous feedback to teams responsible for triage, detect tracking, and remediation workflows
Develop and implement monitoring and contextual incident response alerting patterns targeting cloud infrastructure and runtime assets for the security operations center, including integration with SEIM/SOAR technologies
Support definition of Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application and data to align with application security maturity model and adopt a shift-left approach for security
Lead security innovation and best practices in product development through collaboration and learning from industry professionals and consortiums
Perform other duties as assigned
Qualifications
Bachelor's Degree in Information Technology or the equivalent combination of education, training or experience
6 years or more experience in the field of cybersecurity and/or application security
Experience implementing cloud security posture management, workload protection, and cloud-native application protection platform tools (e.g. Defender for Cloud, Aqua, Prisma Cloud, Orca, Wiz)
Experience with one or more cloud platforms (e.g. Azure, Amazon, Oracle, GCP)
Experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis and penetration testing.
Build automation for continuous cloud asset discovery and configuration management
Implement cloud security automation such as cloud security posture management (CSPM) and cloud workload protection capabilities (CWPP)
Implement automation to support Information Security reporting metrics to reflect overall cloud compliance and cloud security health to senior leadership
Experience in software development including Java, Python, .Net, and scripting languages --- Experience with cloud security analysis and design techniques
Experience with cloud security practices and procedures, including risk assessment, authentication technologies, security monitoring, runtime defenses, and security attack patterns and practices
Advanced knowledge in security best practices, principles, and common security frameworks such as OWASP, NIST and ISO
Experience building secure software based on frameworks such OWASP ASVS, BSIMM, or NIST SSDF
Advanced knowledge of secure architecture and design patterns for Web, Mobile and Microservices
Advanced knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
Experience securing cloud infrastructure and applications
Advanced organizational, planning and time management skills
Advanced communication, presentation and analytical skills
Desired Qualifications and Education Requirements
Advanced degree in Information Technology, or the equivalent combination of education, training or experience
Experience with Azure DevOps, Kubernetes, Splunk, and Tanzu/Pivotal Cloud Foundry technologies
Experience with ARM and Infrastructure as code
Proficient with Azure Resource Graph and Kusto Query and scripting languages
CISSP, CISM or other related Information Security certifications
Advanced knowledge of Navy Federal's functions, philosophy, operations and organizational objectives
Hours: Monday - Friday, 8:00AM - 4:30PM
Location: 820 Follin Lane, Vienna VA Heritage Oaks Dr. Pensacola, FL Security Dr. Winchester, VA 22602 Remote
Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report onsite 4-16 days each month. The number of days reporting onsite will ultimately be determined by the employee's leadership and business unit needs. You will learn more throughout the hiring and onboarding process.
About Us
You have goals, dreams, hobbies, and things you're passionate about-what's important to you is important to us. We're looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them-friends, family, and passions. And we're looking for team members who are passionate about our mission-making a difference in military members' and their families' lives. Together, we can make it happen. Don't take our word for it:
--- Military Times 2022 Best for Vets Employers
--- WayUp Top 100 Internship Programs
--- Forbes 2022 The Best Employers for New Grads
--- Fortune Best Workplaces for Women
--- Fortune 100 Best Companies to Work For
--- Computerworld Best Places to Work in IT
--- Ripplematch Campus Forward Award - Excellence in Early Career Hiring
--- Fortune Best Place to Work for Financial and Insurance Services
Equal Employment Opportunity: Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability EOE/AA/M/F/Veteran/Disability
Disclaimers: Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position. Job postings are subject to close early or extend out longer than the anticipated closing date at the hiring team's discretion based on qualified applicant volume. Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position
Bank Secrecy Act: Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Keywords: Navy Federal Credit Union, Pensacola , Senior Cloud Security Engineer (Threat Discovery & Analysis), Engineering , Pensacola, Florida