H-E-B is one of the largest, independently owned food retailers in the nation operating over 400 stores throughout Texas and Mexico, with annual sales generating over $25 billion. Described by industry experts as a daring innovator and smart competitor, H-E-B has led the way with creative new concepts, outstanding service and a commitment to diversity in our workforce, workplace and marketplace. H-E-B offers a wealth of career opportunities to our 109,000+ Partners (employees), competitive compensation and benefits program and comprehensive training that lead to successful careers.  

H-E-B is one of the largest, independently owned food retailers in the nation operating over 400 stores throughout Texas and Mexico, with annual sales generating over $25 billion. Described by industry experts as a daring innovator and smart competitor, H-E-B has led the way with creative new concepts, outstanding service and a commitment to diversity in our workforce, workplace and marketplace. H-E-B offers a wealth of career opportunities to our 109,000+ Partners (employees), competitive compensation and benefits program and comprehensive training that lead to successful careers. 

This is an exciting time to join H-E-B Digital - we’re using the best available technologies to deliver modern, engaging, reliable, and scalable experiences to meet the needs of our growing audience. 

Our Partners thrive The H-E-B Way. As a Staff Engineer, you would have a…

HEART FOR PEOPLE… you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams

HEAD FOR BUSINESS… you have an ownership mentality and a consistent track record of timely delivery of high-quality software

PASSION FOR RESULTS… the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions

What you’ll do at HEB: 

As an Application Security Engineer, you will work closely with Product Design, Software Engineering, Production Operations, and other members of the Security group to maintain and enhance the security of our mobile, web, and server software applications. This work involves several technology stacks and multiple hardware platforms.

• Innovate and create processes, software and tooling that continuously improve the availability, scalability, latency, and efficiency
• Work with team to create and change processes and tools to ensure the software release pipeline flows smoothly and safely
• Develop secure enterprise-grade solutions for cloud architecture that communicates to third-party apps as well as on-prem apps
• Instill and foster DevSecOps and SRE culture to entire engineering team
• Cultivates a “security first” and “test first” approach to development
• Reviews and recommends changes to improve performance, usability, and security of applications, tools, or infrastructure
• Implement disaster recovery solution for production environment
• Implement robust backup/retention strategy as well as logging and tracking
• Identify security vulnerabilities in applications written Java, Python, and NodeJS for modern versions of Linux and Windows via code reviews and reverse engineering.
• Maintain current knowledge of relevant vulnerabilities and mitigation techniques.
• Measure and monitor compliance against standards while working with team on fixing issues or vulnerabilities   

Who You Are

• Bachelor's degree with 7+ years relevant work experience.
• 3-5 years of experience (preferred) of Agile and DevSecOps methodologies
• Strong knowledge of build systems, the microservices model, and continuous integration/deployment practices.P services preferred
• Strong understanding of Cloud IAM best practices and RBAC within a containerized ecosystem
• Strong experience in several modern languages (JavaScript, Java, Python, etc.) with expertise to design, develop, troubleshoot, debug, and implement high quality code
• Knowledge of public cloud platforms, Google Cloud preferred
• Knowledge of SDLC practices.
• Ability to perform comprehensive code reviews.
• Experience with modern development tools such as Visual Studio, GCC, Git, Gitlab, or Jenkins.
• Experience with automation and dev-ops technologies (such as puppet, terraform, ansible, etc.)
• Awareness of security standards and frameworks with an emphasis on HIPPA

 
DEVS3232