Staff cyber technical specialist - appsec [t500-21186]

About Albertsons Companies Inc. : As a leading food and drug retailer in the United States, Albertsons Companies, Inc. operates over 2,200 stores across 35 states and the District of Columbia. Our well-known banners across the United States, including Albertsons, Safeway, Vons, Jewel-Osco and others, serve more than 36 million U. S customers each week.

We build and shape technology solutions that solve customers’ problems every day, making things easier for them when they shop with us online or in a store. We have made bold, strategic moves to migrate and modernize our core foundational capabilities, positioning ourselves as the first fully cloud-based grocery tech company in the industry.

Our success is built on a one-team approach, driven by the desire to understand and enhance customer experience. By constantly pushing the boundaries of retail, we are transforming shopping into an experience that is easy, efficient, fun and engaging.

About Albertsons Companies India : At Albertsons Companies India, we're not just pushing the boundaries of technology and retail innovation, we're cultivating a space where ideas flourish and careers thrive. Our workplace in India is a vital extension of the Albertsons Companies Inc. workforce and important to the next phase in the company’s technology journey to support millions of customers’ lives every day.

At the Albertsons Companies India, we are raising the bar to grow across Technology & Engineering, AI, Digital and other company functions, and transform a 165-year-old American retailer. At Albertsons Companies India associates collaborate directly with international teams, enhancing decision-making processes and organizational agility through exciting and pivotal projects. Your work will make history and help millions of lives each day come together around the joys of food and inspire their well-being.

Position Title : Staff Cyber Technical Specialist - App Sec Job Description : Roles & responsibilities :

Monitor, identify, and analyze technical security events to determine severity and appropriate response activities to remediate malicious activity in our environment.

Conduct hands-on work in a range of security tooling related to Application Security and related functions.

Works on problems of diverse scope where analysis of data requires evaluating specific factors.

Communicate emerging application security weaknesses, exploit patterns, and risk scenarios in clear, business-relevant terms.

Assist teams in mitigation and remediation efforts while operating within agile delivery environments.

Apply insight and initiative to raise the standard of secure development and streamline the path from policy to implementation.

Communicate risk and impact associated with cyber events to Information Security leadership and business stakeholders.

Develop and / or consume detailed threat assessments inclusive of threat actor tactics, techniques, and procedures and threat actor technical infrastructure.

Independently complete work tasks with minimal oversight

Experience :

Ability to demonstrate knowledge of OWASP Top 10 and CWE Top 25

Knowledge of application-layer security controls, including authentication and authorization methods, input / output validation and sanitization, and defenses against injection attacks such as SQL or command injection

Understanding of secure cryptographic practices, including appropriate use of encryption algorithms, hashing functions, and protection of data at rest and in motion

Secure coding in Java or. NET web and service development, backed by hands-on programming and IT experience

Experience participating as a member of a team in an agile environment

Experience with the Secure Development Lifecycle

Experience with security tools including SAST, DAST, IDE plugins, decompilers, and threat modeling platforms

Experience with source code repository tools such as Git Hub

Web application penetration testing, ethical hacking, red / blue teaming, or capture-the-flag experience a plus

In-depth advanced knowledge in the MITRE Attack framework and it’s applicability to proactive cyber defense planning as well as response activities

In-depth advanced knowledge of cloud computing and Dev Sec Ops practices.

Ability to analyze event and system logs, perform analysis, and draw conclusions about activity within our environment.

Competencies :

Compassionate and kind, showing courtesy, dignity, and respect. They show sincere interest and empathy for all others.

Foster innovation through creativity to get to a workable solution. Use analytical thinking through issues using logic and reason

Show integrity in what is done and how it is done - without sacrificing personal / business ethics.

Embrace an inclusion-focused mindset, seeking input from others on their work and encouraging the open expression of diverse ideas and opinions

Team-oriented, positively contributing to team morale and willing to help.

Learning-Focused, finding ways to improvise in their field and use positive constructive feedback to grow personally and professionally

Think strategically and proactively anticipate future problems, needs or changes in the work

Must Have Skills : Application Security