Principal Application Security Engineer at Chewy (Miami, FL)
Chewy is seeking a Principal Application Security Engineer to join an established technology team in Boston, MA, Minneapolis, MN, Dallas, TX or Plantation, FL. At Chewy, it is our mission to be the most trusted and convenient destination for pet parents (and partners) everywhere. We have evolved into an innovative Fortune 500 industry leader. The Information Security team’s core objective is to relentlessly protect the digital identities of Chewy’s pet parents and team members, ensuring confidentiality, availability and integrity of all data entrusted to us.
This technical leader will work across multiple teams, influencing decisions and owning several services and/or products within the Information Security organization, while developing and executing highly complex and ambiguous implementations. They will partner with stakeholders across the enterprise on various initiatives and collaborate to deliver new features and enhancements. They will lead across large organizations and/or business units, spanning across several teams to influence new technologies companywide.
We continue to grow and always Think Big about new innovative ideas, while consistently exploring opportunities to differentiate ourselves in the industry.
What You’ll Do:
- Analyze potential threats and vulnerabilities to our systems, applications, and processes through the lens of the secure software development lifecycle.
- Create best practices and develop metrics and mechanisms to influence the design, development, testing and implementation of software functionality, scalability, and security in software development.
- Comprehensively assess the security posture of modern and scalable distributed software systems on public and private clouds.
- Evaluate business drivers and align with stakeholders to define secure architectures and success criteria for new products; mentor software development teams on creating technical solutions for those products.
- Advise software development teams and stakeholders on how best to implement security features and enhancements in CI/CD pipelines.
- Collaborate to identify, isolate, and resolve the most complex security challenges in software and services across a highly distributed operating environment.
- Perform threat modeling of applications and services to identify potential risks and provide recommendations for mitigation.
- Create architectural paradigms, instruct the organization on their use, and design mechanisms to enable tracking and adherence to security standards in software development.
- Mentor and coach team members across organizations on secure software development practices.
What You’ll Need:
- Bachelor's degree or higher in Computer Science, Computer Information Systems, or similar; or equivalent experience
- 15+ years' combined experience in software engineering or application security architecture, including the ability to perform independent analysis and to own components and services from design through implementation.
- Experience creating design patterns and technology spanning ecosystems and influencing across multiple teams.
- Experience developing and guiding secure, scalable, enterprise-level architecture and initiatives for software built on technologies including Java, Spring Boot, JSON, AngularJS, Tomcat, HTML5, CSS3, Spring MVC, SOAP/HTTP, REST, etc.
- Experience working with public cloud technologies such as AWS, Azure, or GCP
- Strong analytical and leadership abilities
- Experience transforming business visions to scalable solutions for the organization.
- Experience creating and designing architectural paradigms and guiding the organization on best use and practices.
- Experience influencing stakeholders and business leaders in an org-wide capacity.
- Experience mentoring and coaching team members.
- Ability to balance multiple priorities at a given time.
- Must be team oriented and have a customer first mindset.
- Position may require travel, 10% or less.
Bonus (if applicable):
- Experience working in e-commerce.
- Experience in PCI and SOX environments, or the NIST CSF framework
- 5+ years acting in a technical lead capacity.
- Experience leading technical teams in the development and delivery of projects
- Experience with any of the following: Terraform, Agile/Scrum, open-source technologies, continuous integration using Jenkins, Kubernetes
- Experience with Service-Oriented Architecture
- Familiarity with web application security testing methodologies and tools such as Burp, ZAP, StackHawk, AppSec Insight, etc.
Chewy is committed to equal opportunity. We value and embrace diversity and inclusion of all Team Members. If you have a disability under the Americans with Disabilities Act or similar law, and you need an accommodation during the application process or to perform these job requirements, or if you need a religious accommodation, please contact [email protected].
If you have a question regarding your application, please contact [email protected].
To access Chewy's Customer Privacy Policy, please click here. To access Chewy's California CPRA Job Applicant Privacy Policy, please click here.