Senior Information Security Analyst (Application Security)

Employer
Navy Federal Credit Union
Location
Vienna, VA
Posted
May 17, 2018
Closes
May 21, 2018
Industry
Security
Hours
Full Time
Employee Perks Why You Will Love Being Part of the Navy Federal Team: *Competitive compensation with opportunities for annual raises, promotions, and bonus potential*Best-in-Class Benefits! (7% 401k match / Pension plan / Tuition reimbursement / Great insurance options)*On-site amenities include fitness center, wellness center, cafeteria, etc. at Pensacola, FL; Vienna, VA and Winchester, VA campuses*Consistently Awarded Top Workplace*Nationally recognized training department by TRAINING Magazine IND123*An employee-focused, diverse, and service-oriented workplace environment Basic Purpose Work with central information protection and application development experts to collaboratively define the baseline security requirements, security architecture and engineering standards and guidelines delivering secure architecture and design. Conduct audit of existing application code and recommend industry best practices in the area, as well as, having the capability to analyze multiple instances of vulnerability patterns that can be traced to single root causes to eliminate existing risks. Conduct audits of production and production-copy systems for potential data access violations. Perform security penetration and vulnerability testing against high risk applications and information classifications. Perform project reviews (ISPR) and develop project review methodologies and guidelines. Ensure existing application security controls in place are adequate or identify those that require improvement. Provide security consulting services to other application and IT teams. Support application security initiatives to ensure the software applications do not pose information risk to the company.Required Knowledge, Skills and Abilities:* Expertise in application security and the ability to perform assessments using tools such as HP Fortify, WebInspect, Nessus, Nexpose, Burpsuite and open source tools* Perform Static Application Security Testing (SAST), validate findings, assess risk, provide recommendations, and work with application/system owners in remediation efforts * Act as an essential team member of the application security team and support various efforts in IAST and penetration testing * Define, maintain, and enforce application security best practices throughout the SDLC * Research threats and attack vectors that impact applications and infrastructure and stay up-to-date with current application security threats * Research additional application security related tools, conduct tool analysis, and provide recommendations on what tools will enhance security capabilities* Provide guidance to developers and other relevant team members on secure coding standards* Experience in security assessment following OWASP, PCI-DSS, GLBA, and other financial industry standards* Proficient in current and emerging threats and industry frameworks for vulnerability analysis and reporting* Strong verbal, written, and interpersonal skills* Demonstrate ethical behavior, the ability to recognize and deal appropriately with confidential and sensitive information, and maintain the highest levels of confidentiality* Application threat modelling experienceDesired:* Bachelor's Degree in Computer Science, Information Technology, or related field* Programming experience in Java and/or .NET* Ability to reverse Engineer code* Strong knowledge of the financial services industry* Information security certifications such as OSCP, GWAPT, or CISSP Hours: Monday through Friday, 8:00 am - 4:30 pm Equal Employment Opportunity Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability

Similar jobs