Job Description

Company Overview

Dollar General Corporation has been delivering value to shoppers for more than 80 years. Dollar General helps shoppers Save time. Save money. Every day! by offering products that are frequently used and replenished, such as food, snacks, health and beauty aids, cleaning supplies, basic apparel, housewares and seasonal items at everyday low prices in convenient neighborhood locations. Dollar General operated 16,979 stores in 46 states as of October 30, 2020. In addition to high-quality private brands, Dollar General sells products from America's most-trusted manufacturers such as Clorox, Energizer, Procter & Gamble, Hanes, Coca-Cola, Mars, Unilever, Nestle, Kimberly-Clark, Kellogg's, General Mills, and PepsiCo. Learn more about Dollar General at www.dollargeneral.com.

Job Details

GENERAL SUMMARY:

Dollar General is seeking a hands-on application security professional to join our application security team. The ideal candidate must have extensive experience in application security testing.

DUTIES & RESPONSIBIILTIES:

* Conduct security testing of web/mobile applications and web services/APIs, including source code security analysis (SAST) and dynamic (DAST) testing using a combination of commercial, open-source tools, and manual testing methods
* Perform security reviews of network infrastructure and endpoints hosted within the internal network as well as SaaS environments
* Adhere to best practice frameworks (e.g. OWASP)
* Use threat modeling tools to explore potential application, network, and infrastructure security-related threats
* Deliver timely and accurate security testing results to both technical and non-technical audiences
* Track and follow-up on remediation of identified security risks
* Act as liaison between application security teams, development teams, business units and vendors
* Provide subject matter expertise in security best practices and standards to ensure compliance with company security standards.
* Work closely with business units to determine work estimates and scope
* Propose and implement ideas to enhance and automate security-related processes
* Stay current on emerging technologies, products, and trends related to security solutions and testing techniques

Qualifications

KNOWLEDGE, SKILLS, & ABILITIES:

5+ Years Combined Experience in 2 or More of the Following:

* Web Application Security Testing
* Mobile Application Security Testing
* API Security Testing
* Network Penetration Testing
* Source Code Security Analysis

Strong, Hands-on Experience with Security Testing Tools such as:

* DAST (e.g. Fortify WebInspect, Fortify WebInspect Enterprise, IBM AppScan)
* SAST (e.g. Fortify SCA, Checkmarx CxSAST)
* Development Collaboration Platforms (e.g. Fortify SSC, Gitlab, Jira)
* Web Proxy Tools (e.g. BurpSuite Professional / BurpSuite Enterprise, OWASP ZAP)
* Open-Source Testing Tools (e.g. Nmap, OpenSSL, Metasploit, SQLMap)

Understanding of Network/Server Technologies such as:

* Firewalls (Network, Host, and Web Application)
* Cloud Hosting
* Containerization
* DNS, Routing, and other Common Networking Principles
* Directory Services / Active Directory
* Web Server Platforms (IIS / Tomcat)
* API / Web Services
* PKI / Web Certificates

Familiarity with Compiled/Scripting Languages (e.g. C, JavaScript, Python, Java, Swift, Kotlin)

WORK EXPERIENCE AND/OR EDUCATION:

Required:

* Strong, effective written and oral communications skills
* Ability to clearly communicate pragmatic security risk and remediation recommendations to technical (e.g. developers) and non-technical audiences
* Ability to work independently with minimal supervision

Preferred:

* College degree in relevant fields or equivalent professional experience
* Software development background
* Active certification preferred (e.g. OSCP, OSWE, CSSLP, CISSP)

CC