Responsibilities H-E-B is a leading innovator in technology, and recently we've been investing in our customers' digital experience. Our Digital Technology Partners collaborate to design, construct, implement, and support technology solutions, using the best available technologies to deliver modern engagement, reliability, and scalability to meet customer needs. The Manager of Application Security Engineering manages professional individual contributors and / or supervisors who exercise latitude and independence. Often leads one or more departments / teams. As a Manager Application Security Engineering, you will lead efforts to protect software by overseeing secure coding, vulnerability management, threat modeling, incident response, setting policies, performing audits, training developers, and ensuring regulatory compliance to build secure applications and strengthen overall cyber posture. You will interface with various teams throughout all of H-E-B Digital and guide them in their use of application security tools, systems and processes. You will mentor and lead your team of Partners to develop and educate on the optimal use of application security tools, systems and processes as well as support application teams when responding to cyber incidents. Once you're eligible, you'll become an Owner in the company, so we're looking for commitment, hard work, and focus on quality and Customer service. 'Partner-owned' means our most important resources--People--drive the innovation, growth, and success that make H-E-B The Greatest Omnichannel Retailing Company. Do you have a: HEART FOR PEOPLE... ability to lead a team? HEAD FOR BUSINESS... skills to combine people management and technical know-how? PASSION FOR RESULTS... drive to oversee application security engineering at H-E-B? We are looking for: You have a Bachelor’s in Computer Science or a related field You have 5+ years of experience working in Application Security roles You have 2+ years of experience leading Application Security teams You have an expert understanding of application security principles and best practices You are highly proficient with security assessment tools and techniques You have an in-depth knowledge of common web application vulnerabilities such as OWASP Top 10 Security certifications such as CISSP, CISM, or CEH are a plus Constantly staying abreast of latest security threats, tools and innovations on the field What is the work? Manages activities of two or more sections or departments. Exercises supervision in terms of costs, methods, and staffing. Leads team / department and undertakes coaching and mentoring responsibilities. A portion of time may be spent performing individual tasks related to the department / team or function. Strategy and Policy: Develop and implement application security strategies, protocols and standards Vulnerability Management: Oversee scanning, testing(penetration testing), risk assessment, and remediation of vulnerabilities Secure Development: Champion secure coding practices and integrate security into the Software Development Life Cycle Threat and risk: Conduct threat modeling, identify potential threats, and assess risks to applications Leadership and training: Manage application security teams, educate developers and staff on security best practices, and manage security vendors. Recruit, hire, and directly supervise a high-performing team of application security engineers Leads / coaches / provides effective feedback; provides day-to-day technical leadership; communicates connection between Partners and impact to operational objectives Recommends changes in alignment with business strategy Provides leadership and expertise; participates in cross-functional initiatives; ensures Partners maintain sufficient technical knowledge; identifies training requirements Ensures area budget, schedule, and performance objectives are met Assists in developing budgets and goals Ensures all technology decisions align with H-E-B direction and focus on total cost of ownership Ensures automation, infrastructure deployment, maintenance, monitoring, security, and compliance using industry and enterprise best practices Compliance: Collaborate with GRC(Governance, Risk, Compliance) team to ensure applications meet regulatory requirements(PCI, HIPAA,SOX) Security tools: Manage and maintain security tools and technologies Work with development teams to address and resolve security vulnerabilities Do you have what it takes to be an H-E-B Manager Application Security Engineering? Senior management defines / reviews manager objectives to determine success of operation. Has latitude to make decisions in achievement of defined goals. Erroneous decisions will result in critical delay(s) in schedules and / or Department / team operations which may jeopardize overall business activities. - Broad knowledge of the field with proven leadership skills - Familiarity with log analysis, application performance monitoring, API security, container security, AWS cloud security, Agile and other project management methodologies, PCI DSS, HIPAA, and related regulations - Strong skills in AWS, Azure, or Google Cloud Platform; Terraform, CloudFormation, Pulumi, or Ansible; Python, Golang, PowerShell, Perl, or Shell script - Strong skills in Linux-based and Windows Server operating systems management, secrets management, and vaulting technologies - Strong skills using APIs to optimize tasks / achieve automation - Strong skills in cloud resources: virtual networking, access controls (security groups and ACLs), service endpoints, application / network load balancing, API gateways, service principals, functions / serverless, storage buckets, containers, block storage, file shares - Strong leadership / management skills - Strong interpersonal skills JDSECURITY SEC3232