Meijer is a family company that serves people and communities, providing career and community opportunities centered around leadership and personal growth. The Senior IT Application Security Engineer will act as a subject matter expert in secure application design and will lead application security initiatives, ensuring security standards are enforced throughout the software development life cycle.
Responsibilities:
- Develop and provide presentations on application security topics to both technical and non-technical audiences
- Advise executive leadership on current and evolving threats to enable risk-informed decisions
- Mentor members of the information security team on matters of application security
- Facilitate third-party penetration tests, triage findings, and create remediation plans with development teams
- Provide tailored remediation guidance to software developers to address security findings
- Provide architectural and security guidance for third-party platforms and services as they integrate into Meijer environments and/or code
- Review the security of third-party/open-source software used by Meijer
- Provide risk-based analysis of security posture to drive business decisions
- Foster relationships with key business partners to create a culture of security and achieve prioritization of security initiatives
- Develop internal security tooling for identifying or remediating security risks
- Assist/lead on matters of application security in the event of an incident
- This job profile is not meant to be all-inclusive of the responsibilities of this position. May perform other duties as assigned or required.
Requirements:
- Bachelor's degree or above in Computer Science, Information Security, or related field
- At least four years of professional experience, with at least two years in a security field and at least one year with direct experience writing code
- Familiarity with object-oriented programming and experience writing code in one or more programming languages (e.g. C#, Java, C++)
- Familiarity with secure coding best practices such as the OWASP Top 10
- Knowledge of common application architectures and the relative risks associated with them (e.g. single page apps, client-server, native mobile, microservices)
- Foundational knowledge of security practices in several applied contexts, e.g. networking, cloud infrastructure, containerization, operations, audit, or governance
- Knowledge of relevant technology, tools, databases, and development techniques
- Strong focus on team dynamics and interpersonal relationships
- Strong sense of task ownership with consistent follow-through
- Ability to anticipate risks and devise solutions with limited information or context
- Excellent project management, organization, and team collaboration skills
- Curiosity to learn
- Capable of defining and measuring key performance indicators
- Able to work cross-functionally with IT and business partners across all areas of Meijer and vendor partners
- Adaptive, flexible, and responsive to challenges
- Awareness of how security controls influence both internal stakeholders and Meijer customers
- Agile/Scrum, SAFe, or Lean certification preferred
- SANS/GIAC, CompTIA, ISC2 (e.g. CISSP) or other applicable industry certifications preferred