application security engineer senior

About The Position

Requirements

• Bachelor's degree in a relevant field or 5+ years of equivalent experience in cybersecurity engineering related roles.
• 6+ years of experience working in an information technology discipline.
• 6+ years of infrastructure / information security experience.
• 4+ years of experience working with infrastructure as code technologies.
• Experience deploying, configuring, and troubleshooting cybersecurity tools in enterprise environments.
• Certifications such as CISSP, CISSM or others focused on cybersecurity, data privacy or information risk management.
• Advanced knowledge of cybersecurity principles and practices
• Experience with technologies such as firewalls, antivirus software, and intrusion detection systems
• Experience with security frameworks and compliance requirements
• Proficiency in implementing and managing security controls and technologies
• Knowledge of network security protocols and concepts
• Familiarity with operating systems and network architectures
• In-depth understanding of enterprise-level cybersecurity strategies, frameworks, and technologies
• Proficiency in conducting security assessments and audits
• Ability to develop and implement security policies and procedures
• Experience in managing and responding security incidents
• Exceptional problem-solving and troubleshooting skills.
• Excellent communication and collaboration skills, with the ability to work effectively with cross-functional teams and stakeholders.
• Advanced experience with at least one modern programming language such as Java, Go, Python, Ruby, C++, or C#.
• Advanced Proficiency interacting with API's and automating tasks using common scripting languages.

Nice To Haves

• Experience performing offensive application security testing across web, mobile, and APIs, including manual testing techniques and secure design review.
• Experience building, operating, or scaling DAST scanning capabilities in an enterprise environment.
• Experience providing AppSec oversight for vendor penetration testing, including scoping, quality review of evidence and reporting, and retest validation.
• Familiarity with vulnerability disclosure workflows, including triage, validation, and partner communications.
• Familiarity working in PCI or other compliance-driven environments where pentesting and evidence requirements are time-bound and auditable.
• Certifications such as OSCP, OSWE, GWAPT, GPEN (or equivalent) are a plus.

Responsibilities

• Own and deliver core AppSec offensive security testing services by executing in-house penetration testing, operating and continuously improving DAST scanning, and providing AppSec oversight for vendor-delivered penetration testing, including compliance-driven testing, to ensure quality, consistency, and risk-based reporting and prioritization.
• Drive application security outcomes by translating findings into clear, actionable remediation guidance across web, mobile, and API services, and partnering with engineering teams to reduce repeat issues and measurably improve risk posture over time.
• Partner and influence across the enterprise by mentoring peers, advising engineering leaders, and contributing as an application security SME during security incidents and for vulnerability disclosure reports, ensuring threats are contained and lessons learned translate into stronger controls.

Benefits

• As a Starbucks partner, you (and your family) will have access to medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits.
• Partners have access to short-term and long-term disability, paid parental leave, family expansion reimbursement, paid vacation from date of hire, sick time (accrued at 1 hour for every 25 hours worked), eight paid holidays, and two personal days per year.
• Starbucks also offers eligible partners participation in a 401(k) retirement plan with employer match, a discounted company stock program (S.I.P.), Starbucks equity program (Bean Stock), incentivized emergency savings, and financial well-being tools.
• Additionally, Starbucks offers 100%25 upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program via the Starbucks College Achievement Plan, student loan management resources, and access to other educational opportunities.
• You will also have access to backup care and DACA reimbursement.
• Starbucks will comply with any applicable state and local laws regarding employee leave benefits, including, but not limited to providing time off pursuant to the Colorado Healthy Families and Workplaces Act, and in accordance with its plans and policies.
• This list is subject to change depending on collective bargaining in locations where partners have a certified bargaining representative.
• For additional information regarding partner perks and more detailed information about benefits, go to starbucksbenefits.com.
• If you are working in CA, CO, IL, LA, ME, MA, NE, ND or RI, you will accrue vacation up to a maximum of 120 hours (190 in CA) for roles below director and 200 hours (316 in CA) for roles at director or above.
• For roles in other states, you will be granted vacation time starting at 120 hours annually for roles below director and 200 hours annually for roles director and above.