Senior Cyber Security Application Engineer

Staples

Westminster, CO

Industry: Retail & Consumer Goods


5 - 7 years

Posted 59 days ago

This job is no longer available.

Job number: 1058627


An Application Security Engineer has responsibility for (1) helping development teams adopt security-focused steps and standards into their Software Development Lifecycle (SDLC) and (2) supporting deployed security testing tools and aiding development teams in examining the relevance of their results. In this role you will partner with IT Product Teams to encourage their focus on security and guide their remediation of identified scan vulnerabilities.


  • Assist with the evaluation, on-boarding, and management of applications and development teams to the security program
  • Manage vulnerability discovery and remediation efforts from sources like static, dynamic, and open-source web application testing technologies and report on their success
  • Collaborate with internal partners to address security issues and roll out secure development practices
  • Work closely with development teams to assist with the remediation and risk identification processes
  • Support product teams to meet regular scanning requirements for application security and for assessing PCI compliance
  • Assist and enable the Application Security team in the creation of analytical outputs on the general and specific risk profiles of Staples’ applications
  • Deploy and maintain application security tools and services
  • Help enable automated security testing at scale to measure vulnerability density across the organization


  • Bachelor’s degree
  • 5+ years of web or mobile software development experience (Java, C#, JS, Node, etc.)
  • Familiarity with application security concerns and secure coding practices
  • Experience working with Agile development methodologies
  • Superb analytic and problem-solving skills
  • Strong written and oral communication skills
  • A willingness to learn and grow knowledge in the field of application/information security


  • Hands-on application security assessment experience using industry standard DAST/SAST tools (IBM AppScan, Checkmarx, etc.)
  • Industry training in web application defense or similar
  • Certification in the above a plus
  • Knowledge of OWASP, SANS or other security-related standards
  • Experience with automated security scanning and CI/CD pipeline integration a plus