IT Security Application Engineer
Chipotle

IT Security Application Engineer (21007138)
Description

THE OPPORTUNITY
The Application Engineer, IT Security drives Software Assurance Security initiatives at Chipotle including Application Development, Business Intelligence, and Corporate Support applications. Applies technologies and processes to achieve a required level of confidence that software systems and services function in a secure manner including analyzing the security of new or existing software. Assures that applications are free from accidental or intentional vulnerabilities. Assess applications to determine security controls and security tools that are appropriate to the threat environment. Leads incident response to recover from intrusions and failures in Chipotle software including any incidents related to AppSec. Advocates for Information Security with the software development organizations to drive secure innovation, developer education, and a secure by design mindset.

Proficient in understanding of tools, codebases, libraries, and frameworks related to but not limited to authentication, encryption, network security, security scanning, and reporting tools, web and mobile security, secure coding and SDLC, application architecture, cloud security, risk management, privacy principles, and PII, application cyber threats including OWASP Top 10, and CICD/Azure DevOps/API security.

WHAT YOU'LL DO

• Provide security guidance through software development project participation acting as a security SME resource
• Develop secure software testing and validation procedures.
• Perform testing results review and assessment to identify potential flaws and remediate vulnerabilities.
• Identify common coding flaws at a high level
• Evaluate open source and third-party software components for potential security flaws and vulnerabilities
• Perform risk analysis to determine the risk profile of internal applications and in turn determine required security posture for internal applications
• Perform threat modeling.
• Review risk posture for major internal application changes
• Evaluate and recommend current and future security software assurance technology solutions
• Deploy, configure, and maintain security software assurance tools
• Handle incident response including all software-related security incidents - Extremely Complex
• Track and report progress on software assurance security initiatives to management.
• Other duties as assigned

WHAT YOU'LL BRING TO THE TABLE

• BS in a related field, or equivalent experience and training.

• 3-5 years of experience in a related role.
• Minimum of 2 years in a security role such as IT Security Analyst, Application Security Analyst, Software Assurance Analyst, Application Security Tester, Pen Tester.
  Minimum 2 years in a software development role such as Application Developer, Software Engineer, Technical Project Manager, DevOps Engineer, Technical Scrum Master.
• CSSLP or open to obtaining CSSLP
• Comprehensive understanding of security products, concepts, and secure SDLC fundamentals. Understanding of data privacy concepts. Understanding of risk management concepts. Functional knowledge of security scanning tools and application security tools. Ability to perform code review and testing. Ability to provide secure coding recommendations. Ability to configure and manage application security technologies. Ability to work with development teams providing mentorship and training. Ability to perform threat modeling.
• Deep understanding of security skills and concepts in addition to an application development background. Understanding of application security and secure SDLC principles. Innate ability to understand applications and application development. Experience in technical writing. Experience with mentoring and training in a development team setting. Ability to measure metrics and communicate performance to management.
• Planning and implementation of software assurance security solutions and strategies. SME level participation with the application development organization. Oversight for progression of software assurance security initiatives.

WHO WE ARE
Chipotle Mexican Grill, Inc. (NYSE: CMG) is cultivating a better world by serving responsibly sourced, classically cooked, real food with wholesome ingredients without artificial colors, flavors, or preservatives. Chipotle had over 2,650 restaurants as of June 30, 2020, in the United States, Canada, the United Kingdom, France, and Germany and is the only restaurant company of its size that owns and operates all its restaurants. With more than 91,000 employees passionate about providing a great guest experience, Chipotle is a longtime leader and innovator in the food industry. Chipotle is committed to making its food more accessible to everyone while continuing to be a brand with a demonstrated purpose as it leads the way in digital, technology and sustainable business practices. Steve Ells, founder, and former executive chairman, first opened Chipotle with a single restaurant in Denver, Colorado in 1993. For more information or to place an order online, visitWWW.CHIPOTLE.COM.
CULTIVATING A BETTER WORLD
Food served fast does not have to be a typical fast-food experience. Chipotle has always done things differently, both in and out of our restaurants. We are changing the face of fast food, starting conversations, and directly supporting efforts to shift the future of farming and food. We hope you'll join us as we continue to learn, evolve, and shape what comes next on our mission to make better food accessible to everyone.

Primary Location: Ohio - Columbus - 8889 - 333 W Nationwide-(08889)

Work Location:
8889 - 333 W Nationwide-(08889)
333 W Nationwide Blvd
Columbus 43215