IT Sr Security Engineer

Bala Cynwyd, PA, United States

This position requires working in the office 3 - 4 days per week, at our Bala Cynwyd, PA office.

 

Job Summary

Pep Boys is seeking a highly skilled and experienced security engineer to lead the design, implementation and management of secure software development practices across our organization. This role will be responsible for integrating, automating and enabling security as a function within the software development lifecycle (SDLC), conducting code reviews, implementing and managing security tools, and collaborating with the development teams to ensure secure application delivery. Further, this security engineer will be responsible for supplementing defense in depth, threat hunting and security operations in order to enhance Pep Boys' security posture and resiliency.

 

Key Responsibilities

  • Lead the application security program and define secure coding standards and best practices.
  • Design and implement appropriate and relevant application security architecture into CI/CD pipelines and development workflows.
  • Perform threat modeling, code reviews, and vulnerability assessments on internal and third-party applications.
  • Develop and deliver secure coding training and awareness programs for developers.
  • Monitor and respond to application-layer security incidents and provide root cause analysis and remediation opportunities.
  • Ensure compliance with relevant security standards (e.g., OWASP, NIST, PCI-DSS).
  • Review and contribute to security architecture and design decisions for new and existing applications.
  • Collaborate with software engineers, DevOps, and QA teams to remediate vulnerabilities and improve security posture.

Education and Experience

  • Bachelor's degree in relevant field preferred.
  • 8 - 10 years of overall relevant experience
  • 5+ years of experience in application security, software development, or other security related roles.
  • Strong understanding of web application architecture, APIs and secure coding principles.
  • Hands-on experience with security tools (e.g., Burp Suite, Metasploit, Veracode, etc.)
  • Proficiency in one or more programming languages (e.g., Java, Python, JavaScript)
  • Familiarity with Artificial Intelligence and Large Language Models
  • Familiarity with DevSecOps practices and CI/CD tools (e.g., Jenkins, GitHub Actions, etc.)

Knowledge, Skills and Abilities

  • Knowledge of cloud security (AWS) and container security (Docker, Kubernetes, ECS)
  • Ability to perform threat modeling aligned with threat modeling frameworks
  • Knowledge of regulatory and compliance requirements (SOX 404, PCI-DSS)
  • Ability to apply common security frameworks to development lifecycles (e.g., OWASP API, OWASP Top 10, etc.)
  • Strong analytical, communication and problem-solving skills.
  • Able to implement SAST/DAST tools into CI/CD pipelines.
  • Able to travel up to 25%

Physical Demands/Work Environment:

  • Repetitive movement of hands and fingers, typing or writing.
  • Talk and hear.
  • Ability to work under tight time constraints, handle sensitive data and multi-task so that deadlines can be met.
  • Highly organized and able to prioritize and manage time efficiently, with the ability to handle stress in a fast-paced, deadline-driven environment.
  • The physical demands described above are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

 

Pep Boys is an equal opportunity employer that does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.

 


Tags: APIs Application security Artificial Intelligence AWS Burp Suite CI/CD Cloud Compliance DAST DevOps DevSecOps Docker GitHub Java JavaScript Jenkins Kubernetes LLMs Metasploit NIST OWASP SAST SDLC SOX Veracode Vulnerabilities

Region: North America
Country: United States
