Senior Application Security Engineer

The Senior Application Security Engineer is responsible for improving the security of our applications and supporting technology platforms. As a globally distributed Application Security Team member, solid communication skills and a strong sense of accountability are vital factors for this opening. This position will be expected to demonstrate performance in a manner consistent with C.H. Robinson Information Technology Core Values, including knowing our business, being entrepreneurial, working in a team environment, providing excellent customer service, being passionate and enthusiastic, knowing our technology, communicating, communicate, communicate, respect people, be accountable for your actions, have a strong work ethic and a balanced life.

C.H. Robinson recognizes the importance of workplace flexibility. We are committed to providing a remote-friendly work environment, both now and in the future. Our global technology teams will continue to have the flexibility that enables you to work where you are most effective, remotely or in the office.

Responsibilities:

• Serving as a security subject matter expert consultative with the development teams through the software engineering process - including security reviews/remediation at various stages of the SDLC
• Building partnerships with other engineering teams, providing expertise in security best practices
• Performing threat modeling, architecture reviews, and application testing, ensuring critical vulnerabilities are identified, communicated to team members, and driving delivery of mitigations
• Researching and recommending changes to procedures and systems to enhance application and data security
• Developing and delivering security training to software engineers
• Researching emerging technologies and maintaining awareness of current security risks in support of security enhancement and development efforts
• Coordinating around, participating in, and managing information security projects
• Implementing tools to test and enforce application security policy as part of the DevSecOps pipeline
• Automating security processes to reduce as much manual work as possible
• Maintaining current situational awareness of trends in cybersecurity threats and specific CH Robinson organizational threats
• Using appropriate interpersonal styles and subject matter knowledge to partner, gain trust and influence across the organization
• Delivering best-in-class customer service to internal customers
• Participating in 24x7 on-call support rotation

Required Qualifications:

• 5+ years of experience in some combination of web application security, cloud security, infrastructure security, penetration testing, secure software development, security tools development, and architecture review, with a total of 5 or more years of information technology experience
• A solid grounding in information security principles and web application security
• Experience integrating security into SDLC, including Static Analysis, Dependency Scanning, Dynamic Testing
• Demonstrated experience, a progressive track record of technical achievement, and a strong focus on customer service and satisfaction
• Ability to perform technical analysis of complex software, systems, hardware, and network environments
• Project management - ability to deliver to aggressive deadlines while working on complex projects across multiple groups and geographies
• Experience using web application vulnerability scanning tools (Burp Suite Pro/Enterprise) and manual web application testing
• Bachelor's degree or equivalent work experience and a high school diploma/GED

Preferred Qualifications:

• Experience with DevSecOps, including secure CI/CD pipeline design and architecture, automation, and secure code gating
• Experience integrating security tools into CI/CD pipelines (i.e., Jenkins/Azure DevOps)
• Experience securing Linux server and container orchestration environments (Kubernetes)
• Experience securing cloud IAAS and PAAS environments (Azure, Google Cloud, AWS)
• Experience with Cloud Security Posture Management tools
• Experience with HashiCorp Vault, Consul, and Terraform
• Experience with Okta, Azure AD, OAuth 2.0, OIDC
• Knowledge of SonarQube, CodeQL, GitHub Actions, GitHub Advanced Security
• Previous experience establishing and utilizing measurements, processes, and metrics to manage support activities
• Experience with encryption technologies and methods
• Previous experience with vendor management and coordinating vendor activities
• Knowledge of mobile applications and device security (iOS/Android)
• Experience with C#, JavaScript, and Node.js development
• Strong scripting skills (Python, PowerShell, Shell script)
• Proactive, accountable, autonomous, and solutions-oriented
• Excellent facilitation and communication skills - the ability to partner, gain trust, influence, coordinate, and motivate resources
• Values a diverse and inclusive work environment

Questioning if you meet the mark? Studies have shown that women and people of color may be less likely to apply unless they match the job description exactly. Here at C.H. Robinson, we're building a diverse and inclusive workplace where all employees feel they belong. If this position excites you, we welcome you to apply whether you check all the preferred qualifications or just a few. You may just be our next great fit!

Equal Opportunity and Affirmative Action Employer

C.H. Robinson is proud to be an Equal Opportunity and Affirmative Action employer. We believe in equality for all and celebrate the diversity of our employees, customers and communities. We believe this increases creativity and innovation, drives business growth and enables engaged and thriving teams. We're committed to providing an inclusive environment, free from harassment and discrimination, where all employees feel welcomed, valued and respected.

Affirmative Action Employer/EOE/M/F/Disabled/Veteran

Benefits

Your Health, Wealth and Self

Your total wellbeing is the foundation of our business, and our benefits support your financial, family and personal goals. We provide the top-tier benefits that matter to you most, including:

• Two medical plans (including a High Deductible Health Plan)
• Prescription drug coverage
• Enhanced Fertility benefits
• Flexible Spending Accounts
• Health Savings Account (including employer contribution)
• Dental and Vision
• Basic and Supplemental Life Insurance
• Short-Term and Long-Term Disability
• Paid and floating holidays
• Paid time off (PTO)
• Paid parental leave
• Paid time off to volunteer in your community
• Charitable Giving Match Program
• 401(k) with 6% company matching
• Employee Stock Purchase Plan
• Plus a broad range of career development, networking, and team-building opportunities

Dig in to our full list of benefits on OUR CULTURE page.