Application Security Engineer (Digital) Job

BJ's Wholesale Club was the first retailer to introduce the warehouse club concept in the northeastern United States. Today, we’re a multibillion dollar operation with more than 200 clubs in 16 states from Maine to Florida.

While our Members know us for helping them save up to 25% off grocery prices every day, our Team Members  love us for providing a supportive and engaging workplace that’s committed to developing great talent.

If you’re a motivated and enthusiastic person who enjoys working collaboratively and is committed to providing great service for our Members, we want to hear from you. BJ’s offers a fast-paced, team environment with great training opportunities and competitive salary and benefits packages to help you  succeed.

As an Application Security Engineer at BJ’s, you will join our talented, collaborative and inclusive Security team to help keep our digital platform secure, shift security to the left and add security features into our digital products. Additionally, this role is responsible for collaborating with the cloud operations & software development teams to identify, evaluate existing security controls to ensure a proper DevSecOps model is followed in a fast-paced environment. In this role, you would be the primary person responsible for making sure that security is applied to all aspects of the digital platform architecture in accordance with best practices, established standards and policies. This is very much a hands-on development job with a heavy security focus that will report directly to the CISO (because we really care about security).

 Responsibilities include, but are not limited to:

·        Perform application security assessments and remediation activities as part of the application security program and ensures application teams adhere to the Secure-SDLC Framework

·        Guide and perform security activities including code reviews, static and dynamic code testing, ethical hacking and business logic exploit testing

• Make recommendations on toolset modifications and improvements, improvements on development processes and production application security support        

• Evangelize application security program fundamentals, tools, processes and acts as a consultative partner with Global IT and Business teams
• Conduct regular internal pen-testing against the app and manage the external pen-test process
• Make code and infrastructure changes to remediate issues identified from testing tools and pen-tests
• Act a security subject matter expert for your given skill set, utilizing current information security technology disciplines and industry standards to ensure confidentiality, integrity and availability of BJ’s information assets
• Provide strong expertise in Information Security support including compliance (PCI, PII, etc..) driven initiatives 

Requirements

• Bachelors (or foreign equivalent) degree in Computer Science or related field is required. 
• Hands-on application security assessment experience using standard DAST / SAST and WAF toolset   

• Minimum of 3-5 years of experience in Information Technology, with a concentration on Information Security
• In-depth knowledge of information security practices, threat modelling, developing governance frameworks and strategies
• Experience with automated security scanning and CI / CD pipeline integration is a huge plus
• Strong communication, collaborative attitude and consensus building is a must
• Bug bounty experience is a nice to have

• Ability to explain complicated vulnerability concepts to all levels of audience is needed

• Solid knowledge of security related industry standards and frameworks, such as PCI DSS, ISO 27001/2, NIST, OWASP, SANS, CoBit, ITIL, COSO, FISMA
• Desired certifications include: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Secure Software Lifecycle Professional (CSSLP), Computer Hacking Forensic Investigator (CHFI), Encase Certification

BJ's Wholesale Club is committed to a policy of equal employment opportunity for all qualified team members and applicants for employment without regard to race, religion, color, sex, sexual orientation, age, ancestry, national origin, physical and/or mental disability, genetic information, atypical cellular or blood trait, marital and/or familial status, pregnancy, gender identity and expression, military or veteran status, or any other characteristics protected by applicable law.