Sr. Security Engineer in Roanoke, VA at Advance Auto Parts

Date Posted: 2/5/2020

Career Snapshot

  • Employee Type:
  • Location:
    Roanoke, VA
  • Career Type:
  • Experience:
    Not Specified
  • Date Posted:

Career Description

Job Description

The Office of Information Security is looking for people who deeply understand information security and are dissatisfied with the state of the art. We are building a team of people who are pragmatic and visionary at the same time: who can take strong executive support and a strategic commitment to transformation, and run with that to build something better and smarter. We are looking for those agents of change, people willing and able to leave a mark not just on a Fortune500 company, but on an entire industry. 


The Sr. Software Security Engineer is responsible for ensuring that codes and other services are free from vulnerabilities.  The Engineer works closely with other Security Operations staff, as well as Risk Management and Application Owners in IT, to scan for, identify, assess, prioritize, and assist with the remediation of, vulnerabilities within lines of codes or other services. 


You bring your expertise of application security to work together with our internal team members and platform teams to apply industry best practices to AAP applications and architecture. You’ll be analyzing applications from a security perspective. You will also be analyzing threats and externally reported bugs to help our engineering teams address them. 


A successful candidate will have experience working through ambiguity, helping to define security requirements with managers and developers and incorporating feedback, as well as identifying potential problems before they become real problems. 


Responsibilities include… 

  • Performing application security assessment 

  • Working closely with developers to prioritize remediation of vulnerabilities identified 

  • Teaching industry best practices for secured software development life cycle – both traditional SDLC and CI/CD 

  • Projects and research work as needed 

  • Security training and outreach to internal development teams 

  • Security guidance documentation 

  • Security tool development/enhancement 

  • Security metrics and delivery 


We are seeking the following qualifications: 

  • Bachelor's degree in Computer Science or equivalent experience 

  • 4+ years’ experience in software development or similar related position 

  • Ability to maintain efficiency and positive attitude in the face of challenging and competing deadlines 

  • Ability to operate in a Scrum based environment where Daily Standups, Sprint Planning, Sprint Review, backlog grooming and Sprint Retrospective are held 

  • Experience with enterprise commercial software implementations 

  • Strong communication and collaboration skills and experience interacting at all levels throughout IT/business teams and working within large, matrixed organizations 

  • Highly organized, great attention to detail and ‘hands on’ work style 

  • Experience in design, development, testing and support of critical enterprise-level systems in a cross platform environment 

  • Independent with strong critical thinking, decision making, troubleshooting and problem-solving skills 

  • Strong work ethic and internal drive for results.  Strong planning, execution and multitasking skills and demonstrated ability to nimbly reprioritize and meet deadlines reliably. 

  • Experience implementing security solutions at the product/service level 

  • An understanding of web services 

  • Familiarity with common mitigating controls and their implementation 

  • Working knowledge of application security assessment and applicable review methodologies 

  • Solid familiarity of prevalent security threats and how they apply to the business 

  • Experience with frameworks that assist the delivery of security solutions