Meijer is a family company dedicated to serving people and communities, and they are seeking an IT Application Security Engineer. This role focuses on secure application design, threat modeling, and secure coding practices, assisting software development teams by ensuring security checks are followed throughout the software development life cycle.
Responsibilities:
- Develop and provide presentations on application security topics to both technical and non-technical audiences, including leadership
- Facilitate third-party penetration tests, triage findings, and create remediation plans with development teams
- Provide tailored remediation guidance to software developers to address security findings
- Provide architectural and security guidance for third-party platforms and services as they integrate into Meijer environments and/or code
- Review the security of third-party/open-source software used by Meijer
- Provide risk-based analysis of security posture to drive business decisions
- Foster relationships with key business partners to create a culture of security and achieve prioritization of security initiatives
- This job profile is not meant to be all-inclusive of the responsibilities of this position; the role may include other duties as assigned or required
Requirements:
- Bachelor's degree or above in Computer Science, Information Security, or related field
- At least 2-3 years of professional experience, including a minimum of one year writing code, with relevant experience in a security-related field preferred
- Familiarity with object-oriented programming and experience writing code in at least one programming language (e.g. C#, Java, C++)
- Familiarity with secure coding best practices such as the OWASP Top 10
- Knowledge of common application architectures and the relative risks associated with them (e.g. single page apps, client-server, native mobile, microservices)
- Foundational knowledge of security practices in one or more applied contexts, e.g. networking, cloud infrastructure, containerization, operations, audit, or governance
- Knowledge of relevant technology, tools, databases, and development techniques
- Strong focus on team dynamics and interpersonal relationships
- Strong sense of task ownership with consistent follow-through
- Ability to anticipate risks and devise solutions with limited information or context
- Excellent project management, organization, and team collaboration skills
- Curiosity to learn
- Capable of defining and measuring key performance indicators
- Able to work cross-functionally with IT and business partners across all areas of Meijer and vendor partners
- Adaptive, flexible, and responsive to challenges
- Awareness of how security controls influence both internal stakeholders and Meijer customers
- Agile/Scrum, SAFe, or Lean certification preferred
- SANS/GIAC, CompTIA, ISC2 (CISSP) or other applicable industry certifications are a plus