TJX Manager of Application Security in Marlborough, Massachusetts
Manager of Application Security
Brand: TJX Corporate
Marlborough, MA, US
Employment Type: Full-Time
Employment Status: Regular
Functional Area: IT
Discovery is at the heart of everything we do. Wherever you find us around the world, if you can think of a product, you can probably find it in our stores, which include TJ Maxx, Marshalls, HomeGoods, Sierra, Winners, Homesense, and TK Maxx. With variety comes plenty of happy surprises—our environment is ever-changing, and that’s just how we like it. Every day is an opportunity to discover something new about our business, our partnerships and even something exciting about yourself. Ready to Discover Different?
Posting Notes: Marlborough || MA
TJX Companies, Inc. is seeking a highly skilled Manager of Application Security to help build security into TJX applications. A successful candidate will be a security evangelist who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors. Candidates must be able to approach application security from the perspective of risk management and avoid purely academic thinking about software security. In this role, you are responsible for security governance and for ensuring adherence to application security controls and risk analysis of the Organization’s applications in the System Development Process/SDLC. This includes internally developed applications, 3rd‐party developed applications, COTS, and Open Source Software (FOSS). Demonstrable ability to influence decision‐making processes at all levels of a large organization will be critical to success. Candidates must have strong leadership skills and be effective managers of highly technical individuals. Candidates must have excellent verbal and written communication skills, including experience speaking in public forums and writing/contributing to technical publications.
Integrating security tools, standards, and processes into the TJX Solution Delivery Process (SDP)/SDLC.
Collaboratively work to ensure developers and product teams are trained with the appropriate level of security knowledge to perform their daily activities.
Improving and supporting application security tool deployments, including SAST, DAST, SCA/OSS, and other runtime testing tools.
Improving and maintaining secure development standards.
Supporting the incident response and architecture review processes whenever application security expertise is needed.
Managing application framework guidance and implementation into DevSecOps toolchains and security improvement projects.
Supporting Vendor Security activities to ensure 3rd‐party software and development meets TJX security standards.
Providing security requirements for test‐driven design.
Managing and updating Key Performance Indicators (KPIs) for the Application Security Assurance Program.
Must be familiar with Agile development processes and have experience integrating secure development practices into Agile and DevSecOps models.
Must have familiarity with a variety of development and testing tools, including: Eclipse, Git, JIRA, Subversion, Maven, FindBugs, Veracode, JFrog Xray, Azure DevOps, and open-source testing tools.
Must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, SANS Top 25, and CWE 25 to any audience, and discuss effective defensive techniques.
Must have experience managing $1M+ budgets and planning multi‐year roadmaps. Familiarity with industry standards and regulations including PCI, FTC, SOX, NIST and ISO27001 is desired.
Minimum of 10+ years of related experience
Bachelor's degree preferred with Master's or equivalent experience
Must have strong interpersonal skills to work with different teams within and outside of the organization
Good understanding of Software Development Life Cycle methodologies such as Agile
Exposure to application security vulnerabilities (as listed in the OWASP Top 10), security testing methodologies, and related tools such as Fortify, WebInspect, BurpSuite.
Project Management Certification such as PMI is a plus. Technical certifications such as CISSP, CISM are a positive.
Come Discover Different at TJX. From opportunity and teamwork to growth, we think you’ll find that it’s so much more than a job. When you’re a part of our global TJX family, you have the full support of a diverse, close-knit group of people dedicated to finding great deals and fantastic style. Best of all? They have a lot of fun doing it.
We care about our culture, but we also prioritize the tangible stuff (Competitive salaries: check. Solid benefits: check. Plenty of room for advancement: of course). It’s our way of empowering you to make your career here. We consider all applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, gender identity and expression, marital or military status. We also provide reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law.