Manager, Global Application Security

Navy Federal Credit Union, Vienna, VA 22181

Posted 2 months ago

Job Description

YOUR LIFE'S MISSION: POSSIBLE

You have goals, dreams, hobbies and things you're passionate about.

What's Important to You Is Important to Us

We're looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them: friends, family and passions. And we're looking for team members who are passionate about our mission: making a difference in military members' and their families' lives. Together, we can make it happen.

Don't take our word for it.

  • FORTUNE 100 Best Companies to Work For

  • Computerworld Best Places to Work in IT

  • FORTUNE Best Workplaces for Millennials

  • Forbes America's Best Employers

  • PEOPLE Companies That Care

Basic Purpose

To plan, build and run NFCU's Software Security Group (SSG). This thought leader will help ensure NFCU's in-house developed software is secure while enabling developers and business units to build and release at their own pace.

Responsibilities:

  • Lead application security strategy and implementation

o Applying enterprise-wide thought leadership to build out and execute our global application security program strategy

o Embed software security best practices into the SDLC while reducing friction and dependencies on Information Security by enabling the development organization

o Plan, implement and track key initiatives focused on product / application security strategy, metrics, compliance, policy, developer awareness, training and stakeholder engagement.

o Lead a team of technical experts who partner with IT (ISD) and business teams in releasing software that meets the organization's security and compliance requirements

o Effective management of projects or issues of high complexity and visibility, requiring an individual who can quickly think on their feet, challenge the status quo, and rapidly move from ideation to delivery, working across multiple organizations, countries and cultures.

o Lead a team of high performing individuals who create remediation plans, perform security reviews, and recommend security solutions to meet current and future needs for NFCU products and applications.

o Demonstrate an ability to influence all project and portfolio stakeholders; communicate relevant security information to both executive leaders and individual contributors in an effective manner.

o Create and provide leadership to an effective security champion program embedded in development teams

o Play a key role in maturing and automating application security testing processes

o Actively guide the application development teams to help them comply with published Policies and Standards

o Provide input into the Information Security strategy to ensure that future security investments are aligned appropriately when considering key priorities such as business requirements, industry threat landscape, and risk appetite

o Drive the development and implementation of standard security review processes that result in effective methods for reducing security risks before product releases.

o Influence all project and portfolio stakeholders; communicate relevant security information to both executive leaders and individual contributors in an effective manner.

o Run project budgets and scope as well as conduct resource planning for risks that are proactively identified

  • Drive application security awareness through the organization

o Communicate security directives to all employees including but not limited to Team Members, Leadership and Executives when required.

o Work closely with multiple teams that make up Information Security, IT (ISD), Product Management, Engineering, Legal, Risk and Compliance to improve product / application security controls and drive impactful change to the team and its members

o Develop and lead the evangelization of an application security strategy to support strategic initiatives in application modernization, DevSecOps, and public cloud adoption

  • Act as a subject matter expert for application security needs

o Partner with architects and application development teams in secure software design and development

o Provide technical guidance to developers on writing code securely and remediating software security weaknesses

o Apply knowledge of software security and application development industry trends and technology to align the requisite software security practices with modern development methodologies

o Partner with technology, product development and business leaders to promote security awareness and integration of security into the product lifecycle

o Evaluate, design and implement testing processes that accurately identify and track remediation of software security weaknesses

o Aid in the automation of implementing security controls within the development lifecycle

  • Perform supervisory/managerial responsibilities

o Ensure adequate/skilled staffing; select employees

o Establish performance goals and priorities

o Prepare, conduct and review performance appraisals

o Develop, mentor and counsel staff

o Provide input and/or prepare budget requirements for Annual Financial Plan (AFP)

o Ensure section/business unit goals and objectives align with division/department strategy

o Ensure efficiency of operations

o Leadership Level

  • Supervise daily activities
  • Perform other duties as assigned

Qualifications and Education Requirements:

  • Thought leader in application security

  • 7+ years of application development experience in languages such as Java, C, .NET, and Ruby

  • Solid understanding of Secure DevOps methodologies and previous experience driving adoption and implementation of security practices within DevOps environments

  • Previous experience working with agile teams

  • Familiarity with key software security frameworks and maturity models (e.g. BSIMM, OpenSAMM, OWASP)

  • Good verbal, written, and interpersonal communication skills

  • Ability to evangelize, sell, and influence

  • Proven experience building, leading, motivating, growing, and mentoring a team of engineers and security practitioners

  • Secure SDLC methodologies experience

  • Working knowledge of SAST, DAST, IAST, RASP and WAF.

  • Working knowledge of public cloud service providers (e.g. Azure, AWS, GCP)

  • Ability to identify and manage complex issues and negotiate solutions

  • Demonstrated experience handling the demand/supply of project and program resources and tracking allocation.

Desired Qualifications and Education Requirements:

  • Experience in application security consulting

  • Application security experience in the banking / financial services industry

  • Hands-on experience with common defensive programming techniques

  • MBA and/or CISM, CISSP preferred

  • B.S. in Computer Science (with focus on information security), or a related field. M.S. preferred

  • 8-12 years of experience leading and developing teams focused in the areas of Security Architecture, Secure Development Lifecycle Management, Application Security in web and mobile, Cloud Security, Risk and Compliance; should include comprehensive experience as a business/process leader or as a leader in an IT role

  • Demonstrated experience leading direct reports, as well as teams within large cross functional projects

  • Consistent record of being results orientated with demonstrated ability to achieve bold goals.

  • Extraordinary communication skills, including the ability to gather relevant data and information, actively listen, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully, and handle and resolve conflict

  • Proven presentation and facilitation skills

  • Demonstrated expertise in building consensus across business partners and technology leaders and influencing successful outcomes

  • Must excel working in team-oriented roles that rely on ability to collaborate with others

  • Experience working successfully in a highly matrixed organization

Hours: Monday - Friday, 8:00am - 4:30pm

Location: 820 Follin Lane, Vienna, VA 22180

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability

Disclaimer

Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.

