

Web Development Security Architect

Function: Technology
Location: Staples Corporate Center, Framingham, MA US
Date posted: 4/30/2018 2:33:36 PM
Type: Full-time
Permanent / Contract: Regular
Job number: 1038838


This is not your typical Security Engineer role. Application Security Engineers at Staples have a deep knowledge of application software development, including automated build and delivery techniques. They focus on the highest-profile mission-critical applications and engage across multiple product teams to guide requirements, design and development of IT applications to improve their essential security. The role is a focal point of expertise in web application defense.


  • Work side-by-side with product teams to understand and mitigate application security threats in critical software components.
  • Work with security industry experts designing application security assessments involving test automation and penetration testing.
  • Assist in defining the set of required application security controls for IT Applications and associated standards for their use.
  • Develop application security controls and control frameworks for IT Applications using their native technology sets.
  • Lead the implementation of application security controls by product teams.
  • Provide training and mentoring to product teams on the threat landscape, application security controls, and secure coding practices.

  • Specify application security testing requirements to be included within the applicable testing frameworks.



  • Bachelor’s Degree or related equivalent work experience
  • 10-15 years related work experience in development
  • Experience developing web/mobile applications using common web technologies (Java, JavaScript).
  • Familiarity with application security concerns and secure coding practices.
  • Familiarity with PCI, SOX, Privacy and other compliance concerns.
  • Experience working with Agile development methodologies.
  • Experience working with automated DevOps techniques and technologies.
  • Ability to execute analytical problem decomposition and solution design.
  • Strong written and oral skills.
  • Ability to influence and educate application development and product management personnel.  
  • Industry training in web application defense, enterprise defense, and/or penetration testing.
  • Industry certification in the above a plus.
  • Experience with industry-standard security scanning tools (SAST/DAST) such as IBM AppScan, Checkmarx, Veracode, Fortify, Rapid7, and development technologies such as Angular, Node.js, C#, .NET, Azure, Android and iOS development.
  • Demonstrated experience in assessing solution risk via design and code review.
  • Experience in deploying web application components in public cloud environments.
  • Familiarity with cloud-based microservices architectures.
  • Familiarity with Secure DevOps/DevSecOps.
  • OWASP membership and participation a plus.


Staples is an Equal Opportunity Employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, disability, or any other basis protected by federal, state, or local law.

