Engineer 3, Software Security - York County, United States - RITE AID HDQTRS. CORP.

Description

Excited to grow your career?

We value our talented employees, and whenever possible strive to help one of our associates grow professionally before recruiting new talent to our open positions. If you think the open position you see is right for you, we encourage you to apply

If you want to make a difference, Rite Aid is the right place.

While Rite Aid is big, it still feels small — you and your work are never lost in the crowd. You know the leaders, and they recognize your impact. Teams are tightly knit and agile. Small groups, courageous enough to meet our goals in new ways. You can take your work, your team, or your business to the next level without being slowed down by a ton of process or layers of approval. For anyone with intent to grow, you can reinvent yourself in a new role or take on a new challenge while helping us reinvent Rite Aid and innovate our industry.

Wherever you work in the Rite Aid family, your diverse perspectives and fierce commitment enable us to deliver on the promise of 'whole health for life' for communities around our country.

And that makes the biggest difference of all.

Job Summary

Responsibilities

Qualifications

EDUCATION REQUIREMENTS

Education Level

Bachelor Degree

Area of Specialization (Marketing, Finance, Pharmacy, Engineering/IT, etc)

Information Security or Software Development. Additional years of relevant experience, training, and/or professional certifications will qualify in lieu of a degree.

KNOWLEDGE, SKILLS AND ABILITIES

Knowledge, Skills and Abilities

· Detailed technical knowledge of techniques and state-of-the art capabilities for software authentication, access control, session management, input validation and output encoding, applied cryptography, application security vulnerabilities, and remediation.

· Providing technical designs for software solutions to address security risks.

· Providing risk assessment and remediation guidance for developers and business owners.

· Staying informed about new attacks, software security tools, and industry best practices.

· Ability to write and verbally communicate effectively to both technical and non-technical audiences.

· Experience with software security engineering practices, tooling, and risk assessments.

· Strong technical skills in web related technologies (web applications, web services and Service Oriented Architectures), mobile (Android & IOS) and thick-client applications, APIs, and microservices.

· Experience with creating threat models and conducting manual security code reviews.

· Experience with manual and automated software testing, static/dynamic code analysis, software composition analysis, and fuzzing.

· Experience with the OWASP Top 10 and the CWE Top 25.

· Significant software development experience in one of the following core programming languages: Java, C++, JavaScript, HTML, CSS, .NET, Python, Terraform

· Cloud application security knowledge and experience with GCP, AWS, and Azure.

· Familiarity with Azure DevOps, Kubernetes, Docker, Jenkins, Git, etc.

WORK EXPERIENCE

Experience

Areas of Experience (Pharmacy, Compliance, E-commerce, Retail, etc)

7 years of experience in Cyber Security, Computer Science, Information Technology, or Information Systems

2 years of experience in developing web and API applications

1 year of experience in developing iOS and Android applications

3 years of experience in coding and scripting: (PowerShell, Python, Java, or JavaScript)

Linux administration (basic commands and shell scripting)

Conducting application security testing with security tools (e.g., Burp Suite, ZAP, Postman, Insomnia, sqlmap, SonarQube, Fortify, Webinspect, Invicti, Appscan, Sonatype, Checkmarx, Black Duck, Qualys, Contrast Assess, Imperva RASP, nmap, Kali Linux, Metasploit, etc.)

Fair Chance Act

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Pursuant to the Los Angeles Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Pursuant to the California Fair Chance Act, we will consider qualified applicants with a criminal history. You do not need to disclose your criminal history or participate in a background check until a conditional job offer is made to you. After making a conditional offer and running a background check, if we identify a conviction that is directly related to the job, you will be given the chance to explain the circumstances surrounding the conviction, provide mitigating evidence, or challenge the accuracy of the background report. Find out more about the by visiting the Civil Right's Department Fair Chance Act webpage.

For more detailed information around city/state required notices, click to access a list of disclosures.

New Jersey Law Against Discrimination (LAD)

The New Jersey Law Against Discrimination (LAD) prohibits unlawful employment discrimination based on an individual's race, creed, color, national origin, nationality, ancestry, age, sex (including pregnancy), familial status, marital/civil union status, religion, domestic partnership status, affectional or sexual orientation, gender identity and expression, atypical hereditary cellular or blood trait, genetic information, liability for military service, and mental or physical disability (including perceived disability, and AIDS and HIV status).

Indiana Applicants:

It is unlawful for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

Maryland Applicants :

Under Maryland law, an employer may not require or demand, as a condition of employment, prospective employment, or continued employment, that an individual submit to or take a polygraph examination or similar test. An employer who violates this law is guilty of a misdemeanor and subject to a fine not exceeding $100.

Massachusetts Applicants :

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Drug-Free Workplace Policy

Note to All Applicants Regarding Rite Aid's Drug-Free Workplace Policy: Rite Aid maintains a strict policy prohibiting illegal drug activity and using, being under the influence of, or possessing illegal drugs and/or alcohol during the Work Day as well as on Company Property as defined in Rite Aid's Drug-Free Workplace Policy. Rite Aid conducts post-offer pre-employment drug testing of all job candidates. Additionally, the Company conducts drug and/or alcohol testing in certain pre-promotion, reasonable suspicion, and post-accident scenarios along with drug loss investigations unless expressly prohibited by law. You have the right to refuse to submit to testing; however, a refusal to submit to a test when asked will result in the withdrawal of a conditional offer of employment or termination of employment. All records relating to drug tests shall be kept confidential. A copy of the policy is available from hiring management upon request.

Applicant Statement

I certify that the above statements are true and complete. I further understand that unless specifically altered by a written employment contract, executed by an officer of the Company, my employment will be terminable at will, either by myself or Rite Aid, at any time, with or without cause and with or without prior notice. I authorize Rite Aid to verify all education, training and professional licensure/certifications claimed by me and to secure from my former employers and references information concerning my professional accomplishments, salary, work characteristics, ability and reasons for leaving. Every conditional offer of employment with Rite Aid is subject to a criminal background check to determine his or her suitability for the position. Applicants will be required to sign an authorization to perform a criminal background check only if the applicant receives a conditional offer of employment and I understand that I will be required to submit to a drug test in accordance with Rite Aid policy. In compliance with the federal Immigration Reform and Control Act, I certify that, if hired, I will provide, within three (3) business days from the date my employment begins, proof of my identity and eligibility for employment in the United States.

EEO Statement

Rite Aid is an equal opportunity employer and is committed to cultivating a diverse work environment where individual differences are appreciated and respected. It is our policy, through responsible management, to recruit, hire, train, and promote associates regardless of their race, color, national origin, religion, sex, sexual orientation, disability, age, or any other basis protected by state or federal law. The objective of this policy is to ensure conformity with the principles of equal opportunity employment when making employment decisions and administering compensation, benefits, transfer, and social and recreational programs. Rite Aid prohibits unlawful retaliation against any person who reports harassment or discrimination.