
Principal App Security Engineer

Focus Brands
Atlanta, GA
Full-time

Essential Functions

Application Development Lifecycle Security

Independently ensure that identified software defects are properly triaged for false positives, correctly prioritized based on criticality, and mitigated.

Automate the discovery, profiling, and continuous security monitoring of code.

Responsible for integrating the security toolset into the CI/CD pipeline.

Responsible for managing the current application security toolset and advising management on improvements.

Accountable for managing our software supply chain by defining, documenting, and updating the program to include discovery and reporting of software bill of materials (SBOM).

Accountable for inventorying, documenting, monitoring, and securing production APIs.

Accountable for conducting threat assessments, building threat models, and creating remediation plans based on the results of threat assessments.

Perform or facilitate the performance of security risk assessments.

Perform RFI and engage web application penetration testers as needed and by policy.

Anticipate need, initiate, and guide discussions on security strategy and architecture changes.

Work with the privacy function to implement data protection requirements.

Vulnerability Disclosure Program

Responsible for managing vulnerabilities identified by independent researchers and vetting them for accuracy.

Independently assess the vulnerabilities against risk and criticality, then manage them alongside other security defects.

Additional Responsibilities

Define and develop the Application Security strategy and roadmap across people, process, and technology.

Create and perform necessary testing, scanning, and remediation of our internet-facing web applications with respect to compliance with the Americans with Disabilities Act (ADA).

Configure, troubleshoot, and manage the development environment Identity and Access Management.

Ensure that development and production application assets in the cloud are configured to support security policies, including those for data at rest and data in transit.

Where assigned, manage the relationship with the vendor, including contract review and negotiation, performing quarterly business reviews, and creating performance and other reporting metrics.

Design security compliance metrics that align with Application Security requirements and assist with driving enforcement.

Assist with triaging potential security incidents.

Job Summary

Focus Brands is on a journey to build out an industry leading Digital Platform which will power its seven existing brands and enable smooth integration of future brands.

The Application Security Engineer, Principal performs a critical role in our roadmap to deliver the most secure, privacy-focused, and compliant customer-facing brand websites.

Although the role is a part of the Information Security organization, the experienced incumbent will be embedded with development teams and data scientists and collaborate effectively with various teams within technology and product, and will be responsible and accountable for creating programs and driving the performance of secure software development practices, including addressing vulnerabilities and software security defects, and documenting and managing software supply chain threats and risks.

This opportunity will reward the incumbent with a chance to originate security programs, tasks, and methodologies to enable Focus Brands to build products to allow more customers to enjoy our iconic brands.

Travel Requirements

30+ days ago