
TJX Manager of Application Security in Marlborough, Massachusetts

Manager of Application Security

Brand: TJX Corporate

Location: Marlborough, MA, US

Employment Type: Full-Time

Employment Status: Regular

Functional Area: IT

Discovery is at the heart of everything we do. Wherever you find us around the world, if you can think of a product, you can probably find it in our stores, which include TJ Maxx, Marshalls, HomeGoods, Sierra, Winners, Homesense, and TK Maxx. With variety comes plenty of happy surprises—our environment is ever-changing, and that’s just how we like it. Every day is an opportunity to discover something new about our business, our partnerships and even something exciting about yourself. Ready to Discover Different?

Posting Notes: Marlborough || MA

TJX Companies, Inc. is seeking a highly skilled Manager of Application Security to help build security into TJX applications. A successful candidate will be a security evangelist who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors. Candidates must be able to approach application security from the perspective of risk management and avoid purely academic thinking about software security.

In this role, you are responsible for security governance and for ensuring adherence to application security controls and risk analysis of the Organization’s applications in the System Development Process/SDLC. This includes internally developed applications, 3rd-party developed applications, COTS, and Open Source Software (FOSS). Demonstrable ability to influence decision-making processes at all levels of a large organization will be critical to success. Candidates must have strong leadership skills and be effective managers of highly technical individuals. Candidates must have excellent verbal and written communication skills, including experience speaking in public forums and writing/contributing to technical publications.


Key Responsibilities:

  • Integrating security tools, standards, and processes into the TJX Solution Delivery Process (SDP)/SDLC.

  • Working collaboratively to ensure developers and product teams are trained with the appropriate level of security knowledge to perform their daily activities.

  • Improving and supporting application security tool deployments, including SAST, DAST, SCA/OSS, and other runtime testing tools.

  • Improving and maintaining secure development standards.

  • Supporting the incident response and architecture review processes whenever application security expertise is needed.

  • Managing application framework guidance and implementation into DevSecOps toolchains and security improvement projects.

  • Supporting Vendor Security activities to ensure 3rd-party software and development meets TJX security standards.

  • Providing security requirements for test-driven design.

  • Managing and updating Key Performance Indicators (KPIs) for the Application Security Assurance Program.

  • Must be familiar with Agile development processes and have experience integrating secure development practices into Agile and DevSecOps models.

  • The ideal candidate has experience writing and testing web applications and web services in the following programming languages: C/C++, Java, and JavaScript.

  • Must have familiarity with a variety of development and testing tools, including: Eclipse, Git, JIRA, Subversion, Maven, FindBugs, Veracode, JFrog Xray, Azure DevOps, and open source testing tools.

  • Must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, SANS Top 25, and CWE 25 to any audience, and discuss effective defensive techniques.

  • Must have experience managing $1M+ budgets and planning multi-year roadmaps. Familiarity with industry standards and regulations including PCI, FTC, SOX, NIST and ISO 27001 is desired.

Qualifications:

  • Minimum of 10+ years of related experience

  • Bachelor's degree preferred, with Master's or equivalent experience

  • Must have strong interpersonal skills to work with different teams within and outside of the organization

  • Good understanding of Software Development Life Cycle methodologies such as Agile

  • Exposure to application security vulnerabilities (as listed in the OWASP Top 10), security testing methodologies, and related tools such as Fortify, WebInspect, and Burp Suite

  • Programming experience (C/C++, Java/J2EE, JavaScript, AJAX, PHP, Visual Studio, etc.) will be an added advantage

  • Project Management Certification such as PMI is a plus. Technical certifications such as CISSP or CISM are a positive.

Come Discover Different at TJX. From opportunity and teamwork to growth, we think you’ll find that it’s so much more than a job. When you’re a part of our global TJX family, you have the full support of a diverse, close-knit group of people dedicated to finding great deals and fantastic style. Best of all? They have a lot of fun doing it.

We care about our culture, but we also prioritize the tangible stuff (Competitive salaries: check. Solid benefits: check. Plenty of room for advancement: of course). It’s our way of empowering you to make your career here. We consider all applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, gender identity and expression, marital or military status. We also provide reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law.
