Currently, Meijer is looking for an IT Application Security Engineer. The IT Application Security Engineer is considered an application security subject matter expert and is adept at blending industry best practices in application development and secured coding practices. In addition to application security, the Application Security Engineer will be called on to run other security engineering efforts across the entire scope of information security environment. The position assists solution development teams in designing, creating, and implementing secure solutions.
Key Deliverables and Responsibilities:
- Leading and coordinating others in application security project deployments across the organization
- Validating SDLC security checks and balances followed at each step of development processes
- Perform regular assessments of applications in conjunction with the Risk Evaluation group
- Ensure that third party products properly address security (privacy requirements etc.)
- Ensure latest security controls exist on legacy applications
- Managing outsourced development activities
- Defines, communicates, coordinates delivery of, and at times presents secured coding training content to development team members and leadership
- Develops and provides presentations as necessary for IT team members, project and program leaders, IT leadership, business customers and leadership and Senior/Executive-level leadership on application security topics
- Performs and leads others in secured coding reviews of sensitive applications/solutions
- Provide information to IT, business, project, program and portfolio leaders to enable sound business decisions
- Provides application security-focused technical consulting on business projects or system issues
- Utilizes knowledge of industry best practices for project and portfolio management, budget, Methodology and/or IT resource management to recommend and implement necessary changes
- Consults with, mentors and coaches IT and business team members and leadership, project and program managers and vendors on secured coding principles and guidelines
- Provides project management, portfolio, budget, Meijer Methodology, and/or IT resource management standards communication to IT team members, business customers, senior leadership and/or vendors
- Develops and provides presentations as necessary for IT team members, project and program leaders, IT leadership, business customers and leadership and Senior/Executive-level leadership
This job profile is not meant to be all inclusive of the responsibilities of this position; may perform other duties as assigned or required.
- Bachelor’s degree in Information Technology Security, Information Assurance or related discipline or equivalent work experience and technical training is required.
- Agile/Scrum, Lean and/or Six Sigma certification preferred
- CISSP or SANS certification preferred
- Scaled Agile Framework (SAFe) certification preferred
- 5+ years of experience in application development, secured coding, Infrastructure, and/or Information Security
- Extensive experience with and knowledge of Microsoft Visual Studio technology suite, Microsoft SQL Server, Microsoft Office Suite applications
- Strong technical knowledge of authentication and authorization concepts and technologies such as OAuth, SAML, MFA and others.
- Has extensive experience working and coordinating multiple simultaneous projects and programs, including those that are outsourced (vendors, consultants and/or contractors) and cross-functional
- Previous technical lead experiencepreferred
- Comfortable with ambiguity, frequent change, or unpredictability
- Experience with structured design, development, and implementation of new and established computing architectures
- Strong technical knowledge, with hands-on experience managing systems development in new and established computing architectures and environments
- Knowledge of relevant technology, tools, databases, infrastructure, and development techniques is critical
- Excellent project management, organization, and team collaboration skills
- Able to work cross-functionally across IT and the business areas, and with all levels of Meijer team members, project leads, management and vendor partners.