WorcesterRecruiter Since 2001
the smart solution for Worcester jobs

SR Application Security Engineer

Company: BJ's Wholesale Club
Location: Westborough
Posted on: November 22, 2021

Job Description:

We are seeking a Senior Application Security Engineer with extensive product security experience and deep expertise in web security, applied cryptography, software security vulnerabilities, and IAM solutions including federation, as well as excellent knowledge of software security standards and best practices, to join our team. You will be the technical subject matter expert for multiple areas of application and product security. You will be responsible for performing design reviews, technical security assessments, and code reviews to highlight risk and help software engineering teams improve the overall security of our products. You will be a security leader within the company, gaining a solid understanding of our products and systems, and ensuring that security is built in. This position requires both deep and broad technical knowledge across a range of disciplines, and the ability to work hands-on across a wide variety of software designs and technology stacks.

In addition to having strong technical skills, you must be comfortable communicating effectively with business end users, technical IT teams, business partners, network providers, and business process outsourced vendors, all while being sensitive to a wide diversity of cultural and technical backgrounds in a retail business environment.

Responsibilities include but are not limited to:

  • Perform design reviews and technical security assessments to highlight risk and help software engineering teams improve the overall security of our products, for both internally developed and commercial solutions.
  • Design and implement security best practices and standards across varied software engineering teams and environments.
  • Implement and conduct code reviews with a combination of static testing, manual reviews, and dynamic analysis / pen-testing.
  • Conduct threat modelling, identify & drive risk decisions, and influence technical designs and architectures.
  • Engage with developers to provide remediation support.
  • Perform security reviews of new services and features.
  • Build tools to simplify and automate Vulnerability Management processes, including environment-specific risk rankings and prioritizations.
  • Provide engineering designs to mitigate security vulnerabilities in new software solutions.
  • Perform regular security testing as well as code reviews to improve software security.
  • Maintain technical documentation related to software security.
  • Ensure software security at all levels of architecture.
  • Stay updated with the latest tools and advanced industry practices for software security.
  • Advocate for security culture and educate colleagues.

Requirements:

  • 10+ years of hands-on technical experience.
  • Bachelor's degree in Computer Science, Computer Engineering, Software Engineering, Cybersecurity, Information Security, or a related technical field.
  • In-depth technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography.
  • Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities.
  • Software engineering experience in all phases of the software development lifecycle.
  • Strong experience in web security and federation protocols (SSL/TLS, REST, OAuth, SAML, LDAP-S, SAML, WS-Federation, SCIM, OAuth, and OIDC, XSS, etc.)
  • Experience working with AWS or other cloud environments (development/architecture)
  • Experience with cloud and web application security standards (OWASP ASVS, SANS 25, etc.)
  • An analytical mind with a problem-solving attitude
  • Excellent organizational and communication skills
  • Experience with regulatory requirements, and aligning security standards, frameworks, and corporate policy with overall business and technology strategy.
  • Experience securing operating systems, networks, and low-level infrastructure.
  • Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.

Keywords: BJ's Wholesale Club, Worcester, SR Application Security Engineer, Engineering, Westborough, Massachusetts
