Principal Application Security Engineer

In this role, you won’t just support change, you’ll help build programs from the ground up, defining new standards and leading initiatives that modernize how we design, develop, and deploy technology across the business. Your technical expertise, paired with industry best practices, will directly influence how technology aligns with and advances our broader business strategy.

If you're driven to lead, innovate, and leave a lasting impact, you’ll find the opportunity to do your most meaningful work here.

The Principal Application Security Engineer is responsible for defining and driving the application security strategy across the organization. This role ensures secure design and development practices are embedded within the software development lifecycle (SDLC) and DevSecOps pipelines. The architect will lead efforts to implement security tooling, establish reporting frameworks, and collaborate with developers, infrastructure teams, vendors, and security stakeholders to maintain a robust application security posture.

To perform this job successfully, an individual must be able to perform each duty satisfactorily. Other ancillary duties may be assigned.

• Lead the design and implementation of application security architecture and engineering across enterprise applications, partnering with software development, infrastructure, and platform teams to secure cloud-native and on-prem environments.
• Embed security controls and best practices into CI/CD pipelines and DevSecOps workflows, driving adoption of secure coding standards and threat modeling across engineering teams.
• Evaluate, implement, and operate application security tooling (e.g., SAST, DAST, IAST, container security and related capabilities), ensuring solutions are effective, scalable, and well-integrated.
• Define, develop, and maintain application security metrics, reporting, and dashboards to provide visibility to leadership and key stakeholders.
• Engage and collaborate with third-party vendors to assess and validate the security capabilities of applications and services.
• Provide guidance and mentorship on application security standards, risk management, and compliance requirements to elevate security maturity across teams.
• Participate in occasional off-hours support as needed to support troubleshooting or emerging threats.

• Provides day-to-day management for the Information Protection function, responsible for security technologies utilized to protect WM's data and networks.

• Participates in WM's Information Security Office leadership team to drive innovative security solutions, and collaboration with other IT and global functions.

• Responsible for managing the work environment, identifying workforce needs and ensuring performance against expectations, values and vision.

• Manages security audit and intrusion detection system logs for system and network anomalies and provides highest level analysis.

• Responds to unique, highly complicated, suspicious or malicious events detected through collection or reported by Help Desk or users.

• Provides technically advanced remediation and application event support to IT operations and engineering teams

• Performs initial computer system forensic investigations and supports fraud investigations.

• Provides top level analysis, design and support for log collection of firewalls, routers, networks and operating systems.

• Communicates technical and event assessment results, evaluates engineering and integration initiatives and provides technical expertise to assess security policies, standards and guidelines.

• Develops, collects and analyzes logs from firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.

• Reviews and recommends the installation, modification or replacement of hardware or software components

• Identifies and addresses any configuration change(s) that impact event collection.

Will coach and mentor less experienced analysts and act as team leader on more complicated systems projects.

A. Education and Experience

• Education: Bachelor's Degree (accredited) in Computer Science, MIS, Business Administration or similar area of study or in lieu of degree, High School Diploma or GED (accredited) and four years of relevant work experience.

• Experience: Seven years of prior work experience (in addition to education requirement).

B. Certificates, Licenses, Registrations or Other Requirements

One or more of the following is required:

• Certified Information Systems Security Professional (CISSP).

• Certified Information Systems Auditor (CISA).

• Certified Information Security Manager (CISM).

C. Other Knowledge, Skills or Abilities Required

Technically advanced or in-depth knowledge or skills in one or more of the following is required:

• Fortune 500 experience.

• Deep understanding of application security principles and secure coding practices
• Ability to design and implement security controls in CI/CD pipelines
  Strong analytical and problem-solving skills with attention to detail
• Excellent communication and collaboration skills to work with cross-functional teams
• Ability to produce clear and actionable security reports and dashboards for stakeholders
• Ability to create and deliver presentations targeted to either end users or senior management
• Experience in several or more of the following application security technologies: SAST (Static Application Security Testing), DAST (Dynamic
• Application Security Testing), IAST (Interactive Application Security Testing), SCA (Software Composition Analysis / open-source dependency scanning), API security (API discovery, auth testing, schema validation, runtime protection), RASP (Runtime Application Self-Protection), Pen-test automation / BAS for apps (continuous validation of controls) and SBOM (software bill of materials) & supply chain security provenance/attestation
• Experience in the areas of change control, problem management, incident management troubleshooting security solutions
• Ability to handle successfully multiple projects at one time
  

Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

• Normal setting for this job is: office setting

• This position is required to be onsite Monday through Thursday at our downtown Houston HQ with a flexible work from home day on Fridays.

Benefits
At Waste Management, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability. As well as a Stock Purchase Plan, Company match on 401K, and more! Our employees also receive Paid Vacation, Holidays, and Personal Days. Please note that benefits may vary by site.

If this sounds like the opportunity that you have been looking for, please click "Apply".