
IT RISK Technologist Lead

Location: Sheetz Corporate - CLAYSBURG, PA

 

Sheetz’ Cyber Security team is looking for a leader in cybersecurity with expertise in the Application Security domain.  In this role, you will work with software development partners to identify and mitigate the security vulnerabilities in our applications. You will also act as an application security SME for the development and security communities within Sheetz.

 

The primary responsibilities of this position include but are not limited to:

  1. Owns and develops the Secure SDLC Strategic Plan and execution of the Secure SDLC process.
  2. Performs dynamic and static application security testing against web applications, thick-client applications, APIs and mobile applications.
  3. Performs assessment of cloud architecture and configuration.
  4. Performs application threat modeling.
  5. Performs findings/vulnerability analysis, documents results, engages with high-level personnel, discusses findings, provides recommendations, explains testing techniques, and stays current on weaknesses and vulnerabilities.
  6. Engages customers on the implementation and improvement of the secure software development lifecycle.
  7. Assists in the execution of appropriate information security policies, standards, procedures, checklists, and guidelines.

 

POSITION REQUIREMENTS: (Equivalent combinations of education, licenses, certifications and/or experience may be considered. Two years of experience is equivalent to one year of college/trade school)

 

EDUCATION

  • Four-year degree in Computer Science, Management Information Systems, Computer Engineering preferred

 

EXPERIENCE

  • 3-5 years of cyber security and risk assessment experience in a technology environment required.
  • Experienced at identifying security bugs in several languages, including Java, required.
  • Experience in application penetration testing required.
  • Experience with static analysis, dynamic analysis, and runtime analysis toolsets required.
  • Experience applying pragmatic approaches to security issue prioritization & remediation required.
  • Expert knowledge of web services architecture and protecting APIs.
  • Expert knowledge of OWASP Top 10, including detection and prevention mechanisms.

 

LICENSE/CERTIFICATIONS

  • CISSP certification
  • Commitment to pursue additional training or certifications in risk, security, governance, compliance (e.g., CISSP-ISSEP, CISSP-ISSAP, CISSP-ISSMP, GICSP, GMOB, GCIH, CRCMP, CISA, CGEIT, CRISC, CRMA, CORP, advanced degree)

  • PCIP/ISA (PCI Council) preferred

 

ABOUT SHEETZ
Sheetz, Inc. is a fast-growing, family-owned, food/convenience company that has been in business since 1952. Sheetz has over 600 locations in Pennsylvania, Ohio, Virginia, West Virginia, Maryland and North Carolina.


Our mission at Sheetz has been to meet the needs of customers on the go. Of course, things have changed over those nearly 70 years. Life is faster and busier, and customers expect us to be there when they need us most. One thing that hasn't changed is our commitment to our customers, our employees and the communities in which we operate. Sheetz donates millions of dollars every year to the charities it holds dear.


Nearest Major Market: Altoona
Nearest Secondary Market: Johnstown
