Application Security Engineer

Full Time

Job Description

Why should you join WWT?

Fueled by creativity and ideation, World Wide Technology strives to accelerate our growth and nurture future innovation. From our world class culture, to our generous benefits, to developing cutting edge technology solutions, WWT constantly works towards its mission of creating a profitable growth company that is a great place to work. We encourage our employees to embrace collaboration, get creative and think outside the box when it comes to delivering some of the most advanced technology solutions for our customers.

Based in St. Louis, WWT works closely with industry leaders such as Cisco, HPE, Dell EMC, NetApp, VMware, Intel, AWS, Microsoft, and F5, focusing on three market segments: Fortune 500 companies, service providers and the public sector. WWT employs more than 7,800 people and operates in more than 4+ million square feet of state-of-the-art warehousing, distribution and integration space strategically located throughout the world. WWT is proud to announce that our CEO Jim Kavanaugh was named by glassdoor as a top CEO during COVID.

Want to work with highly motivated individuals that come together to form high preforming teams? Come join WWT today! We are looking for Application Security Engineers.

Job Summary

Application Services’ Application Security (AppSec) practice is dedicated to improving the consistency of practice and overall maturity of application security throughout our organization by educating and coaching teams and leaders to have a security-centric mindset. It is the AppSec practice’s primary responsibility to help custom software development teams understand a customer’s security posture and threat model and implement controls that are consistent with the threat model, assess security features for correctness, track security metrics, and support the team in following an incident response plan. In addition to supporting software delivery teams directly, AppSec engineers may also engage with other groups throughout World Wide Technology to perform vulnerability assessments and penetration testing, and collaborate with senior security consultants to deliver world-class solutions for customers.

Job Responsibilities/Essential Functions/Competencies

Primary Responsibilities
  • Audit and support Application Services project delivery teams to ensure they are leveraging best practices and building an appropriate level of security into customer software.
  • Assess and test software and systems for potential vulnerabilities and communicate findings to teams and customers.
  • Build threat models and control catalogs for software teams; stay current on emerging threats.
  • Develop test plans, automation, and processes to validate that application security controls and features are correct and complete; audit controls and identify areas for improvement.
  • Select, deploy, and configure tools for security testing of applications and systems.
  • Capture and communicate security metrics for environments, systems, and applications.

The following knowledge, skills, and attributes are required:
  • Bachelor’s degree in Computer Science, Cybersecurity or a related field, or minimum of 5 years' experience in a related role or field.
  • Strong technical background and understanding of systems architecture and infrastructure, information security, and automation tools e.g., Terraform, Chef, Puppet, Ansible, Maven.
  • Strong understanding of Agile SDLC and DevSecOps concepts and practices.
  • Familiarity with web application frameworks, API technologies, and micro services.
  • Experience in one or more Object-Oriented programming language.
  • Experience in one or more scripting languages (bash, python, power shell, etc.).
  • Experience applying security standards/guidelines (such as OWASP, CIS, etc.)
  • Understanding of Linux and Windows administration.
  • Understanding of fundamental TCP/IP and related network services (e.g. DNS, NTP, SNMP, SMTP, etc.) and network security design concepts.
  • Experience in 2 or more application security domains (e.g., Secure Coding, Cryptography, Penetration Testing, Vulnerability Assessment, Static and Dynamic Application Security Testing et.)
  • Ability to solve complex problems and communicate risks and technical concepts to both technical and non-technical audiences.
  • Excellent verbal and written communication skills.
  • Ability to context-switch between multiple projects, codebases, and concepts with ease.
  • Must be able to obtain and maintain a U.S. Security Clearance.

The following knowledge skills and attributes are preferred:

  • Integration level knowledge of API Security Architecture, and technologies such as, OAuth2, Spring Security, HMAC, WS-Security, WS-Trust, or XACML.
  • Experience developing secure RESTful APIs.
  • Experience using Node.js, Ruby, or JavaScript.
  • Experience with application logging integration and products (Log4J, Logstash, Splunk etc.).
  • Experience with cloud security architecture design patterns (AWS, Cloud Foundry, Azure etc.).
  • Knowledge of OWASP Web/API vulnerabilities and compensating controls (CSRF, XSS, SQLI, etc.).
  • Familiarity with encryption fundamentals: PKI, Encryption, Digital Signatures, & Key Management.
  • Knowledge of Risk Controls framework, and Audit procedures (27000/1/2, NIST 800-53/171, DFARS etc.).
  • Experience with Security Operational Management, including Change Management, Release Management, Incident Management, and Problem Management.

Working Conditions

  • Work-life balance and employee well-being are extremely important to us. Employees are expected to work 40 hours per week; however, working conditions are typically flexible.
  • Teams normally establish core business hours. There may be rare circumstances when employees are asked to work over 40 hours in a week, but not required.
  • Some minimal travel (up to 20%) may be required if travel is safe. Typically, this is reserved for team kickoff events, limited consulting engagements at a customer’s site, or critical meetings.
  • This is a highly distributed and empowered team, and the successful candidate will be expected to manage much of their own time and workload, delivering high-quality service to our delivery teams, clients, and partners, with minimal supervision.


The well-being of WWT employees is essential. So, when it comes to our benefits package, WWT has one of the best. We offer the following benefits to all full-time employees:
  • Health and Wellbeing: Heath, Dental, and Vision Care, Onsite Health Centers, Employee Assistance Program, Wellness program
  • Financial Benefits: Competitive pay, Profit Sharing, 401k Plan with Company Matching, Life and Disability Insurance, Tuition Reimbursement
  • Paid Time Off: PTO & Holidays, Parental Leave, Sick Leave, Military Leave, Bereavement
  • Additional Perks: Nursing Mothers Benefits, Voluntary Legal, Pet Insurance, Employee Discount Program
  • Visit our company web page at for more information.

WWT has a vaccine requirement for all of its U.S. workforce. All new hires must be fully vaccinated before starting at WWT. Appropriate religious and medical accommodations will be made and can be discussed in the pre-hire process.

WWT D&I Statement:

Diversity, Equity, and Inclusion is more than a commitment at WWT -- it is the foundation of what we do. Through diverse networks and pipelines, we have a clear vision: to create a Great Place to Work for All. We believe inclusion includes U. Be who U are at WWT!

Equal Opportunity Employer Minorities/Women/Veterans/Individuals with Disabilities
Dice Id : 10106058
Position Id : 21-0860
Originally Posted : 1 year ago
Have a Job? Post it

Similar Positions

Application Security Architect/Engineer
  • Kani Solutions
  • Jersey City, NJ, USA
Application Security Engineer
  • Pinnacle Group
  • Plano, TX, USA
Application Security Engineer
  • Charles Schwab & Co., Inc.
  • Westlake, TX, USA
Lead Engineer, Application Security
  • AccruePartners
  • Charlotte, NC, USA
Application Security Engineer
  • Jobot
  • Toronto, ON, Canada
Application Security Engineer
  • Jobot
  • Montreal, WI, USA
Application Security Engineer
  • ConnectedX, Inc.
  • Plano, TX, USA
Senior Security (Application) Engineer
  • SilverSearch, Inc.
  • New York, NY, USA
Security Engineer (Application Security)
  • Tiro Security
  • Los Angeles, CA, USA