SR Application Security Engineer
Company: BJ's Wholesale Club
Posted on: November 22, 2021
Senior Application Security Engineer with extensive product
security experience and deep expertise in web security, applied
cryptography, software security vulnerabilities, knowledge of IAM
solutions including federation as well as excellent knowledge of
software security standards/best practices to join our team. You
will be the technical subject matter expert for multiple areas of
application and product security. You will be responsible for
performing design reviews, technical security assessments, and code
reviews to highlight risk and help software engineering teams
improve the overall security of our products. You will be a
security leader within the company, gaining a solid understanding
of our products and systems, and ensuring that security is built
in. This position requires both deep and broad technical knowledge
across a range of disciplines, and the ability to work hands-on
across a wide variety of software designs and technology stacks.In
addition to having strong technical skills, you must be comfortable
in effectively communicating with business end users, technical IT
teams, business partners, network providers, and business process
outsourced vendors, all while being sensitive to a wide diversity
of cultural and technical backgrounds in a retail business
environment. Responsibilities include but are not limited to:
- Perform design reviews and technical security assessments to
highlight risk and help software engineering teams improve the
overall security of our products, for both internally developed and
- Design and implement security best practices and standards
across varied software engineering teams and environments.
- Implement and conduct code reviews with a combination of static
testing, manual reviews, and dynamic analysis / pen-testing.
- Conduct threat modelling, identify & drive risk decisions, and
influence technical designs and architectures.
- Engage with developers to provide remediation support.
- Perform security reviews of new services and features.
- Build tools to simplify and automate Vulnerability Management
processes, including environment-specific risk rankings and
- Providing engineering designs to mitigate security
vulnerabilities in new software solutions.
- Performing regular security testing as well as code reviews for
improving the software security
- Maintaining technical documentation related to software
- Ensuring software security at all levels of architecture
- Staying updated with latest tools and advanced industry
practices for software security.
- Advocate for security culture and educate colleagues
- 10+ years of hands-on technical experience.
- Bachelor's degree in Computer Science, Computer Engineering,
Software Engineering, Cybersecurity, Information Security, or a
related technical field.
- In-depth technical and foundational knowledge of software
engineering, computer systems, security engineering,
authentication, and/or applied cryptography.
- Sound knowledge of all procedures, standards, and regulations
for authorization and authentication, applied cryptography, and
- Software engineering experience in all phases of the software
- Strong experience in web security and federation protocols
(SSL/TLS, REST, OAuth, SAML, LDAP-S, SAML, WS-Federation, SCIM,
OAuth, and OIDC, XSS, etc.)
- Experience working with AWS or other cloud environments
- Experience with cloud and web application security standards
(OWASP ASVS, SANS 25, etc.)
- An analytical mind with a problem-solving attitude
- Excellent organizational and communication skills
- Experience with regulatory requirements, and aligning security
standards, frameworks, and corporate policy with overall business
and technology strategy.
- Experience securing operating systems, networks, and low-level
- Experience with attacker tactics, techniques, and procedures,
and corresponding mitigation methods.
Keywords: BJ's Wholesale Club, Worcester , SR Application Security Engineer, Engineering , Westborough, Massachusetts
Didn't find what you're looking for? Search again!