What you'll do...

Position: Senior Security Engineer

Job Location: 10790 Parkridge Blvd, Reston, VA 20191

Duties: Application Security Acumen: Independently develop secure application frameworks and libraries for enterprise-wide use. Identifies security weaknesses and vulnerabilities in code and software throughout the SDLC. Recommends and promotes secure development techniques, tools, and frameworks. Assesses security controls based on cybersecurity principles. Requirement And Scoping Analysis: Explore relevant products/solutions from an existing repertoire, that can address business/technical needs. Assess gaps/ updates/ modifications between the customer/business expectations and the existing product/solutions (in case of agile methodology, for the iteration). Classify the requirements into applicable types (For example - Functional/Non-Functional, Derived/Imposed/Emergent etc.). Anticipate the solution risks / issues during requirements gathering phase, inform relevant stakeholders and recommend corrective steps. Contribute to the creation of user stories for component/application/complex (For agile methodology). Architecture Acumen: Decompose the product/platform architecture into multiple components and modules and define architectural specifications for each module; Design the plan for customizing the product/platform architectural layout and define technical priorities for the architecture; Define the architecture blueprint for the product/solution/platform; Prepare architecture documents and presentations defining the rationale and implications of architectural decisions; Evaluate system performance and scalability and provide tuning recommendations that could be both for the underlying technology stack or any other design changes to achieve better performance; Identify the tech stack for the product in line with the business needs and technology strategy. Code Development and Testing: Write code to develop the required solution and application features by determining the appropriate programming language and leveraging business, technical, and data requirements. Creates test cases to review and validate the proposed solution design. Creates proofs of concept. Tests the code using the appropriate testing approach. Deploys software to production servers. Contributes code documentation, maintains playbooks, and provides timely progress updates. Cyber Risk Management: Contribute towards development of cyber risk assessment and/or management techniques to identify security gaps and weaknesses in the business. Designs cyber risk assessments by consolidating insights from the business and various functions. Identifies cyber security risks, threats and vulnerabilities, and their impact on the organization. Identifies possible treatments for cyber risks, threats and vulnerabilities identified. Identifies and propose implementation of endorsed mitigation measures to address security gaps. Managing Functional Partnerships: Build, maintain and enhance effective internal and external partnerships; clearly draft valuable information and seek input. Influence technical outcomes and assist in communicating shared goals with diverse groups and parties by linking their interests to that of the business. Identify and address additional partner technical needs and educate them on value creation. Communicate with other individuals or teams to solve shared business problems cooperatively. Consults regularly with leaders of business unit(s), serve to advise on business strategy decisions. Bring ideas and technical solutions proactively to the business partners and stakeholders. Demonstrates up-to-date expertise and applies this to the development, execution, and improvement of action plans by providing expert advice and guidance to others in the application of information and best practices; supporting and aligning efforts to meet customer and business needs; and building commitment for perspectives and rationales.

Minimum education and experience required: Bachelor’s degree or the equivalent in Computer Science, Information Technology, Engineering, Information Systems, Cybersecurity, or related field plus 3 years of experience in application security or a related experience; OR 5 years of experience in application security or a related experience.

Skills required: Must have experience with: API automation for security tools management and workflow integration using scripting language; Different network and application layer protocols like TCP/IP, IPV4, IPV6, SSL, TLS, HTTP, HTTPs, DNS etc.; Multiple vendors (like Akamai, Cloudflare, Imperva, AWS) Web application Firewall (WAF) for security policy configuration, tuning, enforcement, and DDoS mitigation solutions' designing and implementation; Regular Expressions (RegEx) for writing custom Web Application Firewall (WAF) signatures and log queries to fetch logs; CDN (Content delivery Network) Traffic flow and Implementation and designing of CDN configuration for different applications; Designing and implementing different Bot Manager mitigation solutions (Akamai, Cloudflare); Log analysis using different log collection tools like Cloud monitor, Splunk, Sumologic; Mitigating Cyber attacks like Account Takeover attacks (ATO), Price scraping, Cross-site scripting, SQL injection etc. using custom solutions on Web Application Firewall (WAF); Using troubleshooting tools like Wireshark, tcpdump, Fiddler, Burp Proxy; and Root Cause analysis of complex network/security issues. Employer will accept any amount of experience with the required skills.

#LI-DNP #LI-DNI

Wal-Mart is an Equal Opportunity Employer.