Staff, Application Security Engineer - Product Security

Walmart•Bentonville, AR

1d•Onsite

About The Position

The Information Security team has the herculean task of assuring that customers can safely shop with peace of mind knowing their data and information will be safe and secure. Solving some of the most unique cybersecurity problems in the industry, our team members share an elevated level of creativity and ingenuity to secure data for the largest retail operation in the world. As part of Product Security, this role plays a critical part in advancing security automation and governance capabilities embedded directly into developer workflows. You will help define, validate, and govern secure architecture, configuration standards, and enterprise control logic across Walmart’s application ecosystem—ensuring automated validation decisions are defensible, risk-aligned, scalable, and audit-ready.

Requirements

Bachelor's degree in computer science, information technology, engineering, information systems, cybersecurity, or related area and 4 years’ experience in application security, or related area at a technology, retail, or data-driven company.
6 years’ experience in application security, or related area at a technology, retail, or data-driven company.
Proven experience partnering with technology and business stakeholders to integrate security early in the product lifecycle.
Deep expertise in OWASP risks, secure coding patterns, and threat modeling, with the ability to define secure-by-default standards and clearly distinguish acceptable risk tradeoffs.
Strong experience governing secure architecture and defining configuration baselines across enterprise environments (e.g., authorization models, database hardening, input validation frameworks).
Demonstrated proficiency designing and validating security controls, mapping them to compliance frameworks, and producing defensible audit evidence.
Experience operationalizing SAST and SCA tooling outputs, assessing misconfiguration risk, and minimizing false positive and false negative validation outcomes.
Experience aligning technical security decisions with enterprise risk modeling and risk acceptance frameworks.
Enjoy solving complex technical challenges while collaboratively partnering to accelerate priority business initiatives on scale.

Nice To Haves

Certification in Security+, GISF, CISSP, CSSP, CASE, or GWEB
Master’s degree in Computer Science, Information Technology, Engineering, Information Systems, Cybersecurity, or related area and 2 years’ experience leading information security or cybersecurity projects
Background in creating inclusive digital experiences, demonstrating knowledge in implementing Web Content Accessibility Guidelines (WCAG) 2.2 AA standards, assistive technologies, and integrating digital accessibility seamlessly.
Knowledge of accessibility best practices and join us as we continue to create accessible products and services following Walmart’s accessibility standards and guidelines for supporting an inclusive culture.

Responsibilities

Leverage your proven experience, passion, and enthusiasm partnering with technology and business stakeholders to integrate security early in the product lifecycle.
Define and govern secure architecture patterns, configuration standards, and enterprise control logic to ensure consistent and scalable security validation across applications.
Develop deep knowledge of products and platforms to define secure-by-default implementation guidance.
Design and validate automated control logic that produces defensible, risk-aligned validation outcomes.
Display strong expertise in threat modeling, penetration/security testing, and code reviews, and collaboratively partner to accelerate priority business initiatives.
Evaluate and operationalize SAST, SCA, and related security tooling outputs to ensure accurate risk detection and reduce misconfiguration exposure.
Serve as a trusted partner for technology and business stakeholders by securely enabling business initiatives through architecture and configuration reviews.
Map security controls to applicable compliance frameworks and ensure validation outcomes generate reliable audit evidence.
Build strong collaborative partnerships with stakeholders that securely accelerate speed to market for the business.
Provide secure design, development, implementation, sustainment, and governance expertise across the application lifecycle.
Effectively document product security standards, validation logic, and governance decisions.
Develop and evolve metrics to measure the efficacy, accuracy, and coverage of automated product security controls.
Mentor and share knowledge with stakeholders and peers to advance secure engineering maturity.
Continually exercise effective communication, writing, and presentation skills.

Benefits

Competitive pay
Performance-based bonus awards
Medical coverage
Vision coverage
Dental coverage
401(k)
Stock purchase
Company-paid life insurance
PTO (including sick leave)
Parental leave
Family care leave
Bereavement
Jury duty
Voting
Short-term disability
Long-term disability
Company discounts
Military Leave Pay
Adoption and surrogacy expense reimbursement
PTO and/or PPTO that can be used for vacation, sick leave, holidays, or other purposes
Live Better U (Walmart-paid education benefit program for full-time and part-time associates)