What you'll do...
Walmart continues to grow an elite Information Security team and is looking for a talented and experienced Application Security Engineer to join our Application Security practice! Walmart Technology is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), identity and access management, mobile devices, virtualization, AI and Robotics and custom hardware, all operating at massive scale and if you want to be a part of the Information Security team that develops innovative solutions that balance security and business priorities, this is the job for you! As an Application Security Engineer, you will be expected to be strong in multiple domains and provide significant contributions to the Walmart Information Security team and to multiple groups throughout Walmart. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization.
You’ll sweep us off our feet if….
- Strong, proven experience providing secure design guidance for diverse application portfolios
- Strong, proven experience integrating application security into SDLC and CI/CD processes including automated workflows
You’ll make an impact by…
- Collaborating with our development constituents – Partner closely with product and software development teams to securely design applications and services.
- Identifying application risks on a global scale - Create threat models for enterprise applications to identify attack vectors and threats.
- Creating and advocating the use of sound security patterns - Develop and promote repeatable secure development practices for the global development ecosystem.
- Building enterprise frameworks and secure components - Develop secure application frameworks and libraries for enterprise consumption.
- Integrating security early in the development lifecycle - Guide product and software development teams with integrating security controls in the software development lifecycle.
- Influencing secure design - Serve as an application security subject matter expert in enterprise design reviews.
- Evolving and improving capabilities - Continuously evaluate application security practices and implement improvements that foster speed and agility.
- Maturing our global application security posture - Build data analytics and metrics to track the effectiveness of the App Sec program.
What you’ll do…
- Directs coordination between large projects and the technical execution plan by converting requirements into viable technical solutions; assisting in the development and evaluation of detailed technical specifications, performance criteria, and test criteria; assisting project management with timeline creation; evaluating and recommending vendor products; ensuring regulatory compliance; developing implementation procedures and standards; and integrating third-party solutions into the enterprise environment.
- Maintains and advances security expertise by reviewing new technologies; maintaining knowledge of current security standards (for example, NIST 800-53, ISO27001, Cloud Security Alliance); participating in continuing education and training (for example, relevant industry certifications, forums); maintaining expert level knowledge of enterprise technologies; teaching techniques and methodologies to Security Technical staff; attending industry technology events with key suppliers (for example, conferences, collaboration meetings); reviewing peer submissions prior to publication; and building commitment for perspectives and rationales (for example, white papers, security recommendations).
- Leads technical direction and coordination between large projects and the technical execution plan by converting requirements into viable technical solutions per security standards; providing security consulting services for all stakeholders; leading in the development and evaluation of detailed technical specifications, performance criteria, and test criteria; assisting with timeline development; evaluating and recommending vendor products; ensuring regulatory compliance; creating security product roadmaps; developing implementation procedures and standards; integrating security third party solutions into the enterprise environment; collaborating with other stakeholders to ensure the security of solutions; and challenging suppliers to improve technology.
- Leads implementation of diverse advanced technology solutions to increase security posture by leading feasibility studies, proof of concept, product comparison, and/or optimization analyses; participating in project artifact and technical reviews; challenging suppliers to improve technology; researching technology and software development for secure information technology solutions; assessing risk and compliance of solutions and technologies; delivering technology strategy presentations to diverse audiences; leading teams in the resolution of complex technical issues; and collaborating with others (for example, engineers, architects, Legal) to conduct research and to set or adopt industry standards.
What you’ll bring…
- You have 10+ years Information Security experience
- You have 7+ years proven experience in Application Security
- You have a strong, proven experience providing secure design guidance for diverse application portfolios
- You have a strong, proven experience integrating application security into SDLC and CI/CD processes including automated workflows
- You have a passion for developing relevant security solutions that are agile and perform at scale
- You have Strong communication skills with the ability to articulate and translate security and risk management terminology in business terms
- You have high standards and can hold project contributors accountable
- You’re stimulated by challenges and are ready to engage at Fortune 1 scale
About Global Tech
Imagine working in an environment where one line of code can make life easier for hundreds of millions of people and put a smile on their face. That’s what we do at Walmart Global Tech. We’re a team of 15,000+ software engineers, data scientists and service professionals within Walmart, the world’s largest retailer, delivering innovations that improve how our customers shop and empower our 2.2 million associates. To others, innovation looks like an app, service or some code, but Walmart has always been about people. People are why we innovate, and people power our innovations. Being human-led is our true disruption.
Working virtually this year has helped us make quicker decisions, remove location barriers across our global team, be more flexible in our personal lives and spend less time commuting. Today, we are reimagining the tech workplace of the future by making a permanent transition to virtual work for most of our team. Of course, being together in person is an important part of our culture and shared success. We’ll collaborate in person at a regular cadence and with purpose.
Walmart, Inc. is an Equal Opportunity Employer – By Choice. We believe we are best equipped to help our associates, customers and the communities we serve live better when we really know them. That means understanding, respecting and valuing diversity- unique styles, experiences, identities, ideas and opinions – while being inclusive of all people.
Outlined below are the required minimum qualifications for this position. If none are listed, there are no minimum qualifications.
Bachelor’s degree in Information Technology, Computer Science, or related field and 6 years' experience in information technology or related field within the last 10 years OR 8 years' experience in information technology or related field within the last 10 years.
Outlined below are the optional preferred qualifications for this position. If none are listed, there are no preferred qualifications.
Analyzing malware, Analyzing network packet captures (for example, WireShark, Snort, Bro, Suricata, Netwitness, At least three of the following technologies: security incident and event management (SIEM), intrusion defense system (IDS), intrusion prevention system (IPS), Firewall, Antivirus, Web Proxies, Authentication, Cryptography, Unix/Windows server administration, and/or network administration, Certified Intrusion analyst (GCIAs), GIAC Reverse Engineering Malware (GREM), GIAC Penetration Testing Certification (GPEN), GIAC Certified Enterprise Defender (GCED), Certified Geographic Information Systems Professional (GISP), GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Cisco Certified Network Associate (CCNA), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), GIAC Security Essentials Certification (GSEC), Offensive Security Certified Professional (OSCP), and/or Security Cisco Certified Networking Professional – Security (CCNP-Security), Creating and presenting technical strategies and technical solution recommendations, Designing and implementing technical solutions, Integrating new technologies into existing technology portfolio, Leading a cross-functional team, One of the following scripting/programming languages: Python, Perl, Powershell, VB Script, Ruby, PHP, Bash, C, C++, C#, or .Net, Securing applications, operating systems, or networks
805 SE MOBERLY LN, BENTONVILLE, AR 72712, United States of America