
Lead IT RISK Technologist

Location: Sheetz Corporate - CLAYSBURG, PA

 

PRIMARY PURPOSE OF THIS POSITION:

 

Sheetz’ Cyber Security team is looking for a Cybersecurity engineer with expertise in the Application Security domain.  In this role, you will work with software development partners to identify and mitigate the security vulnerabilities in our applications. You will also act as an application security SME for the development and security communities within Sheetz.

 

ESSENTIAL FUNCTIONS: (other duties may be assigned)

  1. Own and develop the Secure SDLC Strategic Plan and execution of the Secure SDLC process.
  2. Perform dynamic and static application security testing against web applications, thick-client applications, APIs and mobile applications.
  3. Perform assessment of cloud architecture and configuration.
  4. Perform application threat modeling.
  5. Perform findings/vulnerabilities analysis, document results, engage with high-level personnel, discuss findings, provide recommendations, explain testing techniques, and stay current on weaknesses and vulnerabilities.
  6. Engage customers on the implementation and improvement of a secure software development lifecycle.
  7. Assist in the execution of appropriate information security policies, standards, procedures, checklists, and guidelines.


REQUIREMENTS: (Equivalent combinations of education, licenses, certifications and/or experience may be considered. Two years of experience is equivalent to one year of college/trade school)

Education

  • A four-year degree in Computer Science, Management Information Systems, or Computer Engineering, or a four-year degree in another field of study which includes courses in computer programming, systems analysis, system development, or systems engineering, is preferred.

Experience

  • 5 years of applicable experience in a technology environment required
  • Skilled at finding security bugs in several languages, including Java
  • Experience in application penetration testing required
  • Understanding of web services architecture and protecting APIs
  • Intimately familiar with OWASP Top 10, including detection and prevention mechanisms
  • Experience with static analysis, dynamic analysis, and runtime analysis toolsets
  • Pragmatic approach to security issue prioritization & remediation

 

Licenses/Certifications

  • Maintain a continuous personal professional development program; this level requires CISSP certification and a commitment to pursue additional training or certifications in risk, security, governance, and compliance (e.g., CISSP-ISSEP, CISSP-ISSAP, CISSP-ISSMP, GICSP, GMOB, GCIH, CRCMP, CISA, CGEIT, CRISC, CRMA, CORP, advanced degree).
  • PCIP/ISA (PCI Council) preferred.

 

 

ABOUT SHEETZ
Sheetz, Inc. is a fast-growing, family-owned, food/convenience company that has been in business since 1952. Sheetz has over 600 locations in Pennsylvania, Ohio, Virginia, West Virginia, Maryland and North Carolina.


Our mission at Sheetz has been to meet the needs of customers on the go. Of course, things have changed over those nearly 70 years. Life is faster and busier, and customers expect us to be there when they need us most. One thing that hasn't changed is our commitment to our customers, our employees and the communities in which we operate. Sheetz donates millions of dollars every year to the charities it holds dear.




Nearest Major Market: Altoona
Nearest Secondary Market: Johnstown
