Back to All Jobs
Wawa, PA, USA
1 day ago
Application Security Senior Engineer

Job Description

Job Title: Application Security Senior Engineer

Location: Corporate

Department: Information Technology

Job Summary:  The Application Security Senior Engineer is responsible for operating, supporting, improving and advising on the application security program by ensuring that security is built into all internally developed applications. This role executes all day-to-day operations, functions, and capabilities relating to application security.  Build and operate application security tooling, automation, and engage with developers and product owners to solve application security problems.  The role serves as a subject matter expert in the areas of secure software development at all stages of the SDLC and general information security best practices across all technology domains.  The roleis responsible for improving Wawa’s application security processes to secure and maintain Wawa’s technology.  As a secondary duty, this role will support incident response processes and partner with the Information Security Architecture and Information Security Engineering Team Leads to support overall security engineering processes.

Principal Duties:

Operate and Support the Application Security Program

Research, document, and educate on security topics to both technical and non-technical audiences.Create and deliver security presentations to technical and non-technical internal audiences.Research, design and create security unit tests that are shared with development.Identify gaps and inefficiencies in the Application Security Program on a continual basis, propose, develop and implement solutions.Contribute significantly to the direction of internal security-focused programs.Lead regular meetings of internal security-focused programs.Build security best practices into the software development lifecycle by way of engaging with developers, creating processes, and implementing technology.  Collaborate with developers and product owners to secure applications at all stages.Develop, maintain, and iterate on secure coding practices, policies, standards, and procedures.Test applications against security threats and vulnerabilities.Operate and support application security vulnerability management, partnering with Technology Security Risk and Compliance.Research, identify and communicate current and emerging application security threats and solutions.Create solutions that balance business requirements with information and cyber security requirements.Identify security design gaps in existing and proposed applications and recommend changes or enhancements.Participate in and support application security reviews, penetration tests, and threat modeling.Work with the Technology Security Risk and Compliance, Enterprise Architecture, and other Technology teams to ensure that information security requirements are built into applications.

Provide Strategic Support

Assist in the development of metrics and reporting framework to measure the effectiveness of the program.Partner with the Technology Security Risk and Compliance team to support the development and maintenance of Wawa’s technology security policies and standards and ensure their application to technology architectures.Assist Technology Security Risk and Compliance with ensuring the ongoing compliance with both regulatory obligations and internally developed policies and standards.

Provide support to Technology Security Incident Response team during cyber incidents.

Serve as Security Liaison

Maintain internal networks among information security, information technology, and development teams to ensure support and alignment on initiatives. Create internal network across IT functions.Maintain external networks consisting of industry peers, ecosystem partners, vendors, and other relevant parties to address common trends, findings, and cybersecurity risks.Act as technical consultant for internal business teams and the IT department to plan, implement, and support new and existing software. Serve as an expert in your technical field of knowledge.Support audit and assessment process for IT including annual PCI audit, IT general controls review, and any other audits or assessments of security and general IT controls.Provide application security expertise and guidance on IT and business-related projects as required by the business. Participate in IT and security related projects.Work effectively with business units to facilitate applications security engineering requirements and advocate application security best practices.

Essential Skills:

Ability to maintain and exude a positive attitude by committing to new ideas, being enthusiastic about work, and being helpful to, and thoughtful and considerate of, others across the organization.Proven experience securing custom software.Ability to work well individually and in a team environment.Ability to influence and motivate information technology and business teams to achieve tactical and strategic information security goals.Ability to learn on the job.Ability to track task progress effectively.Experience working with teams of developers and product owners.Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate application security and risk-related concepts to diverse audiences.Poise and ability to act calmly and competently in high-pressure, high-stress situations.Proven track record and experience in developing application security engineering concepts and designs.Must be a critical thinker, with strong problem-solving skills.Ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.Ability to engage in large internal security technology projects and security remediation projects with significant dependencies on external IT teams.Ability to understand large, complex technology implementations spanning hundreds of physical and virtual environments.High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.High degree of initiative, dependability, and ability to work with little supervision while being resilient to change.Ability to be on-call 24x7x365 rotation for information security incidents.

Basic Requirements:

Minimum of 5 years of experience in a complex technology environment, working in the application security engineering field. Proven track record for securing software.Advanced knowledge of containers and container security.Solid knowledge of AWS and AWS security.Advanced knowledge of Java programming.Basic knowledge of Golang programming.Basic knowledge of React and React Native programming.Advanced experience with reading and writing enterprise software.Advanced experience preventing and remediating software security flaws in enterprise software.Up-to-date knowledge of common security weaknesses and flaws, and how to prevent and remediate them.Advanced knowledge of OWASP guidance.Solid knowledge of web-related protocols (TCP/IP, HTTP, HTTPS, REST, etc.).Understanding of relevant legal and regulatory requirements, such as Payment Card Industry Data Security Standard.Degree in computer science preferred, or equivalent professional experience.Professional security management certification is preferred, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Defensible Security Certification (GDSA), Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), etc.Solid knowledge of common information security management frameworks, such as ISO/IEC 27001, Critical Security Controls, and NIST 800-53 and Cybersecurity Framework.Significant knowledge of application security concepts and technologies such as: SAST, DAST, SCA, IaC, cryptography, authn/authz, API security, etc.Strong understanding of cloud, application security, and software engineering principles. Experience with scripting automation (Python, PowerShell, Unix shell, JavaScript, TypeScript etc.).Proven experience and strong understanding of the DevSecOps and SAFE Agile working methodologies.

Wawa will provide reasonable accommodation to complete an application upon request, consistent with applicable law. If you require an accommodation, please contact our Associate Service Center at asc@wawa.com or 1-800-444-9292.

Wawa, Inc. is an equal opportunity employer. Wawa maintains a work environment in which Associates are treated fairly and with respect and in which discrimination of any kind will not be tolerated. In accordance with federal, state and local laws, we recruit, hire, promote and evaluate all applicants and Associates without regard to race, color, religion, sex, age, national origin, ancestry, familial status, marital status, sexual orientation or preference, gender identity or expression, citizenship status, disability, veteran or military status, genetic information, domestic or sexual violence victim status or any other characteristic protected by applicable law. Unlawful discrimination will not be a factor in any employment decision.

Show More
Save & Apply Later Applying Later... Click to ApplyI AppliedDidn't Apply
Confirm your E-mail: Send Email
Apply for this job
Next Job »
All Jobs from Wawa
19 Wawa jobs in Wawa, PA 267 Wawa jobs in Pennsylvania 1,299 Wawa jobs in US
Next Job »
Search Jobs Wawa Apply Later
Processing Unique Jobs for You: