UPS Lead Application Security in Mahwah, New Jersey
Lead Applications Developer
We’re the obstacle overcomers, the problem get-arounders. From figuring it out to getting it done… our innovative culture demands “yes and how!” We are UPS. We are the United Problem Solvers.
About Applications Development at UPS Technology:
Our Application Development teams use their expertise in programming languages and software design to develop next-generation technology. They are responsible for developing the applications which track and move up to 38 million packages in a single day (4.7 billion annually). This team works closely with all of our customers to build innovative technologies that are customized to drive our business and provide the ultimate customer experience. As a member of the applications development family, you will help UPS grow and provide valuable services across the globe.
About this role:
Will consider candidates from the following I.T. Campus locations: NJ, MD, GA & KY
This position leads the design and assessment of secure application implementations. It establishes operational excellence efforts for connected services to deliver an "always-on" operation year-round at the right cost. This position will be leading security risk assessment and compliance efforts for Enterprise Technologies and coordinate the center of excellence initiative. The selected candidate will be conducting Application Security Assessments and evaluation of implemented security solutions against UPS standards, policies and regulations for secure application development requirements. Researching emerging technologies and industry standard application security practices are essential skills for this position and will require guidance for security designs for moderately complex to complex systems to solve problems of scale. This position provides technical leadership and guidance to others and works cross-functionally to develop best practices for building and maintaining secure applications, Continuous Integration of systems security, and service-oriented tools. This position ensures the deliverables (e.g., the design, source code, and unit test cases) of supported teams comply with established operational standards for release management, system maintenance, and configuration automation and meet applications' needs and SLAs.
Selected candidate will:
Have a working knowledge of secure application development standards
Enable and drive security compliance for at UPS, including consultation for application security assessments, and guiding application development teams to provide appropriate information and reviewing security controls and assessment responses before submitting for final reviews (using OneTrust)
Lead the coordination of post penetration test remediation efforts to reduce impact on Application Development teams and meet defined SLA’s for remediation
Partnership with software delivery teams to help assess and influence security posture within Agile environments with security and reliability
Have knowledge of security tools (Kali Linux, Sonarqube, OWASP ZAP, Burp Suite, Netsparker) - CI/CD pipelines is a plus
Work with other Software Development Groups to design, deploy and identify continuous security improvements within application development
Candidate must have the ability to manage Agile teams and backlog and lead a team to guide others to follow appropriate secure application development standards. Must be able to multitask on various priorities.
Experience with Cyber Threat Analysis, Databases and Cloud Security
Knowledge of Standards and Governance Policies and Procedures, Risk Management and Technical Analysis
Familiarity with Internet Development Architecture & Design and Network Security Engineering
Ability to champion the use of security tools and solutions as appropriate to ensure security is addressed throughout the lifecycle of delivered software
Experience working with architecture teams to develop solution designs in the Public Cloud or on-prem Cloud environments
Working knowledge of application security industry standards [OWASP top10, NIST SP800, ISO27001] and regulatory standards [SOX,PCI] along with the practical knowledge of meeting the objectives for the UPS InfoSec security control domains [as listed in the SRA process]
Familiar with modern or high-level programming languages, e.g.Node.js, GO, Rust, Groovy, or Python
Knowledge of DevSecOps environments and Agile practices utilized by development teams, or experience as a developer using DevSecOps tools and frameworks within a large-scale technology organization
Good leadership skills, with the ability to communicate a vision that inspires and motivates IT staff and aligns with the overall IT and business strategy
Google Cloud Certification [or equivalent public cloud security certificate] is preferred
Strong written and verbal communications and ability to mentor team members and development team members on Cloud security and Application Security best practices and principles
Bachelor's degree in Computer Science or related discipline, or the equivalent in education and work experience
If required and where permitted by applicable law, employees must be fully vaccinated for COVID-19 by their date of hire/placement to be considered for employment. Fully vaccinated means two weeks after receiving the second shot for Pfizer and Moderna, or two weeks after Johnson & Johnson.
This position offers an exceptional opportunity to work for a Fortune 50 industry leader. If you are selected, you will join our dynamic technology team in making a difference to our business and customers. Do you think you have what it takes? Prove it! At UPS, ambition knows no time zone.
UPS is an equal opportunity employer. UPS does not discriminate on the basis of race/color/religion/sex/national origin/veteran/disability/age/sexual orientation/gender identity or any other characteristic protected by law
Company: UNITED PARCEL SERVICE
Category: Information Systems
Requisition Number: 329108
Location: Mahwah,New Jersey