This job has expired, please see additional jobs below
Staff Security Threat Engineer - AppDev
Kohls
Menomonee Falls, WI, United States
Job Details
Position Objective:
This position is responsible for coordinating company-wide application security controls, participating in system design reviews, and maintaining information security policies and standards. Translate Kohl's business requirements into system, application or process designs to support overall security requirements. Assess applications for compliance with coding standards and identify security weaknesses.
Responsibilities:
Responsible for application integrity, testing, hardening, and intrusion prevention for various applications. Drive security and process improvements to the software development lifecycle (SDLC).
• Partner with internal product development teams
• Advocate application security and best practices
• Participate in business logic and solution architecture
• Challenge assumptions affecting integrity and confidentiality
• Scrutinize data collection, validation, handling, and retention
• Reduce or eliminate unneeded functionality, complexity, attack surface area
• Ensure appropriate application log detail is generated to identify and investigate abuse
• Oversee conduct of code reviews, refine the code review process
• Provide guidance, and assist as needed, with secure source code reviews
• Identify opportunities for developer training
• Review, recommend, and research new technology, process, or policy to support mission
• Recommend solutions that scale, drive consistency, and reduce human effort
• Maintain applicable programming language and threat detection proficiency
• Participate in training and education to maintain skill relevancy
• Conduct architecture reviews of new initiatives
• Assist in building reference architecture patterns
Required Qualifications:
• Direct experience with secure application development and application security risk mitigation techniques--knowledge of the common application layer vulnerabilities and the ability to explain these risks to developers
• Experience working in DevOps, continuous integration and Agile, including design of security solutions and creation of artifacts, models, and strategy presentations
• Exposure to cloud-agile applications is a plus
• Experience bringing security designs and secure development practices into Agile development environments, QA teams, and Product, through implementation (use cases, technical specifications, verification and testing methods, etc.)
• Solid technology background with the ability to challenge or validate technology decisions from a position of knowledge and experience
• Ability to rapidly assimilate business strategies and apply creative problem-solving solutions
• Developing secure coding practices
• Validating and remediating application vulnerabilities
• A combination of: Code review, static testing, dynamic testing, and/or application penetration testing
• Effectively communicating security issues with developers and business leaders
• Exploration and validation of business logic
• Identifying or defining needed internal standards & frameworks
• Bachelor's Degree in MIS, Computer Science (or related field)
• Candidate has 5-7 years of experience in application security, security assessment, or related field