Sr Application Security Engineer

Responsibilities

H-E-B is a leading innovator in technology, and recently we’ve been investing in our customers’ digital experience. Our Digital Technology Partners collaborate to design, construct, implement, and support technology solutions, using the best available technologies to deliver modern engagement, reliability, and scalability to meet customer needs. 

 

As a Senior Application Security Engineer, you'll collaborate with internal business teams and external vendors to gather requirements, create, and validate specifications, and deploy cutting-edge technical solutions aligned with security needs. You'll also provide coaching and mentoring of junior AppSec Engineers and share your expertise with other engineering teams. 

 

Once you’re eligible, you’ll become an Owner in the company, so we’re looking for commitment, hard work, and focus on quality and Customer service. “Partner-owned” means our most important resources—People—drive the innovation, growth, and success that make H-E-B The Greatest Omnichannel Retailing Company. 

 

Do you have a: 

HEART FOR PEOPLE… a strong collaborative mindset? 

HEAD FOR BUSINESS… an ownership mentality? consistent track record of delivering timely, high-quality software? 

PASSION FOR RESULTS… drive to guide discussions and remove roadblocks as your team identifies challenges? 

 

We are looking for: 

• 5+ years of experience developing / supporting system and security solutions in medium to large size enterprises. 

 

What is the work? 

Design & Development / Information Technology: 

• Masters CI / CD pipelines; creates patterns of automation, infrastructure deployment, maintenance, monitoring, security, and compliance using industry and enterprise best practices. 

• Designs security standards for teams; integrates platform, including container and vulnerability management tools within CI / CD pipelines. 

• Serves as SME for application security; provides guidance on industry best practices / defense in-depth strategies for security posture of cloud-based digital platforms. 

• Collaborates with project teams on testing / evaluation of new solutions, tests cloud configurations and infrastructure for vulnerabilities. 

• Ensures cloud infrastructure complies with security and compliance control requirements. 

• Designs / develops / documents / automates / implements security infrastructure in code. 

• Creates concise documentation to formalize security processes and guardrails for other Engineers. 

• Guides development teams to apply secure automation patterns / encourage secure software development lifecycle (SSDLC) best practices. 

• Coaches and mentors other engineers 

 

What is your background? 

• A related degree or comparable formal training, certification, or work experience 

• 5+ years of experience developing / supporting system and security solutions in medium to large size enterprises. 

• 3+ years of experience building / integrating systems in cloud and on-premises environments using enterprise source code management tools and automation tooling. 

• Proficiency in multiple technology stacks such as (SQL, JavaScript, Java, Golang, Python, and Haskell). 

• Proficiency in multiple platforms such as Docker, Kubernetes, Tomcat, AWS, and GCP. 

• Expert knowledge in computer science fundamentals such as data structures, algorithms, and design patterns. 

• Advanced knowledge in system architecture and design and capable of architecting and designing at the application or service level. 

• One or more professional security certifications (e.g., OSCP, OSWE; cloud certifications from AWS, Azure, or GCP) 

 

Do you have what it takes to be an H-E-B Senior Application Security Engineer? 

• Strong working understanding of web applications, web servers, application firewalls, frameworks, and protocols related to web application development, deployment, and operation in the cloud. 

• Familiarity with log analysis, application performance monitoring, API security, container security, AWS cloud security, Agile and other project management methodologies, PCI DSS, HIPAA, and related regulations 

• Strong skills in AWS, Azure, or Google Cloud Platform; Terraform, CloudFormation, Pullum, or Ansible; Python, Golang, PowerShell, Perl, or Shell script. 

• Strong skills in Linux-based and Windows Server operating systems management, secrets management, and vaulting technologies 

• Strong skills using APIs to optimize tasks / achieve automation. 

• Strong skills in cloud resources: virtual networking, access controls (security groups and ACLs), service endpoints, application / network load balancing, API gateways, service principals, functions / serverless, storage buckets, containers, block storage, file shares 

• Strong interpersonal skills 

• Strong organization skills 

• Ability to work well under pressure 

 

Can you... 

• Function in a fast-paced, retail, office environment 

• Work extended hours / sit for extended periods.