At GXO, we know our greatest asset is people like you - energetic, innovative people of all experience levels and talents who make GXO a great place to work. Your career matters to us because your passion and excitement will help keep our company moving forward.
As the Lead Engineer, Information Security (Applications), you will operate a secure software development program that will enable us to monitor and detect defects and integrate application security into the CI/CD pipeline.
What you'll do on a typical day:
- Perform application security assessments and remediation activities as part of existing application security program
- Guide and perform security activities including vulnerability testing and analysis, code review, and static and dynamic codes testing
- Make recommendations on toolset modifications and improvements, development processes and production application security support
- Communicate application security program fundamentals and processes and act as a consultative partner with the business/developer teams
- Conduct risk assessments for internally developed applications when necessary
- Perform manual web application testing for false verifications as needed
- Provide responses and suggested remediation actions for static and dynamic code testing
- Participate in security projects, providing security reviews and remediation recommendations based on industry standards/best practices
At a minimum, you'll need:
- Bachelor's degree or equivalent related work or military experience
- 4 years of experience in Information Security
- Experience with security architecture, including a deep understanding of computer operating systems, VMware, Windows 7/10, Windows Server (2008 - current), Linux and Cloud technologies
- 3 years of enterprise level network security experience
- Experience as an application developer using one or more major development languages (.Net, C/C++, HTML/CSS, etc.)
- Experience with scripting or process automation (Bash, Python, Powershell, etc.)
- Proficiency in Microsoft Office Suite and Windows applications; the ability to create formulas in Excel and to quickly learn and achieve proficiency with new software applications and testing tools
- Attention to details with follow up skills including a penchant to identify issues and resolve problems
- Demonstrated ability to translate business and nonfunctional requirements to establish security controls that ensure a proper security design can be architected; ability to document the security solutions for communication and training
- Industry recognized information security, information technology or software development certifications
- Ability to perform complex analysis of data, processes, policies, procedures and/or systems; produce ambiguous, comprehensive and accurate interpretations
We are proud to be an Equal Opportunity/Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, sex, disability, veteran or other protected status.
GXO adheres to CDC, OSHA and state and local requirements regarding COVID safety. All employees and visitors are expected to comply with GXO policies which are in place to safeguard our employees and customers.
All applicants who receive a conditional offer of employment may be required to take and pass a pre-employment drug test.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. All employees may be required to perform duties outside of their normal responsibilities from time to time, as needed.