To perform penetration testing against systems across NFCU in order to identify weaknesses and provide guidance on remediation and prevention. Conduct application, network, wireless, and mobile assessments as well as lead red team campaigns. Assess a wide variety of critical systems and applications to discover exploitable risks to the credit union and improve the risk posture of the organization. Provide findings and remediation guidance to relevant teams and serve as subject matter expert to help engineering teams understand findings and successfully manage risk. Work is performed under limited supervision.
• Independently manage penetration tests from inception through delivery to include: o Scoping assessments and establishing rules of engagement o Designing penetration tests for systems and applications using established assessment frameworks; account for common and unique application and system considerations o Sourcing and leveraging information such as source code, architecture diagrams, etc. to enhance assessment coverage o Coordinating & scheduling testing with engineering teams across the enterprise o Effectively managing relationships and communicating with engineering teams before, during, and after testing o Acting as subject matter expert with engineering teams when communicating results, preventative measures, remediation steps, and other security related information o Acting as a technical lead for multi-resource engagements • Identify and prescribe remediation for vulnerabilities in NFCU applications, systems, and networks • Leverage complex tactics including, but not limited to, lateral movement, network tunneling/pivoting, credential compromise, and hash cracking • Lead red team exercises with a focus on stealth, long campaigns, social engineering, and realistic threats • Enhance testing by identifying novel attack patterns against NFCU systems and applications based on real-world data • Perform attacks consistent with common threats (e.g OWASP top 10) as well as uncommonly observed attacks specific to certain technologies and frameworks • Research and develop exploits for local and remote targets • Craft proofs of concept as well as deployable exploits for both public and novel vulnerabilities • Create and automate custom fuzzing leveraging techniques relevant to NFCU technologies • Develop custom scripts (Nuclei, Python, etc) to check for security requirements specific to individual applications • Communicate complex technical risks concisely to non-technical and executive audiences • Effectively employ OpSec best practices to minimize distribution of vulnerability data • Mentor and support more junior staff across the security organization • Perform other duties as assigned
Qualifications and Education Requirements:
Desired Qualifications and Education Requirements:
• Advanced degree in Information Technology, Electrical Engineering, Computer Science, or the equivalent combination of education, training or experience • At least one of the following certifications: OSCP, OSCE, OSEE, OSWE, OSWP, CREST penetration testing certifications (“Registered” and “Certified” levels such as CRT or CCSAS) • Experience writing enterprise applications or performing techniques such as source code review, pair programming, etc. • Advanced knowledge of Navy Federal’s functions, philosophy, operations and organizational objectives
Hours: Monday - Friday, 8:00am - 4:30pm
Location: 820 Follin Lane, Vienna, VA 22180 or Remote
Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.
The salary range for this position is: $130,500 - $160,400
Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadership