Senior Application Security Engineer

Apply Now

C.H. Robinson is seeking a skilled Senior Application Security Engineer to join our Information Security team. In this critical role, you'll act as a key Application Security Consultant throughout the software development lifecycle. Working closely with geographically dispersed software engineering teams and security champions, you'll provide invaluable security expertise and lead efforts in vulnerability remediation. Your responsibilities will extend to engaging in threat modeling, conducting security testing, producing security metrics and reports for the Technology leadership team, and driving the implementation of security enhancements for C.H. Robinson’s digital products and applications. As the Senior Application Security Engineer, you'll serve as an expert in various aspects of information security services, technology, and application, including information asset (data) security, internal and external network security, application system security design and development, security administration, and risk management. Apply now to be a key player in our commitment to robust cybersecurity practices as we connect the world!

C.H. Robinson solves logistics problems for companies across the globe and across industries, from the simple to the most complex. With $28 billion in freight under management and 2.5X larger than the next largest North American freight broker, we are one of the world’s largest logistics platforms with our 100,00 customers and 85,000 contract carriers. Our global suite of services accelerates trade to seamlessly deliver the products and goods that drive the world’s economy. Our technology is built by and for supply chain experts to bring faster, more meaningful improvements to our customers’ businesses.

Responsibilities:

• Serve as a security subject matter expert consultative with the development teams through the software engineering process – including security reviews/remediation at various stages of the Software Development Lifecycle (SDLC)
• Build strong partnerships with engineering teams, offering expertise in security best practices and playing a pivotal role in vulnerability remediation
• Conduct threat modeling, architecture reviews, and application testing to identify critical vulnerabilities, communicate findings to team members, and lead the implementation of mitigations
• Research and recommend procedural and system changes for enhanced application and data security, staying updated on emerging technologies and current security risks to support ongoing security enhancement and development efforts
• Maintain situational awareness of trends in cybersecurity threats and specific C.H. Robinson organizational threats
• Implement tools to test and enforce application security policy as part of the DevSecOps pipeline
• Automate security processes to minimize manual work and coordinate, participate in, and manage application security projects
• Leverage your interpersonal skills and subject matter expertise to build trust, influence, and provide exceptional customer service to internal stakeholders
• Engage in a 24x7 on-call support rotation to ensure seamless and responsive assistance

Required Qualifications:

• 5+ years of experience in a combination of web application security, secure software development, and cloud security (Azure)
• A solid grounding in information security principles, web application security and API security
• Experience in SAST ( Sonarqube, CodeQL, Semgrep), DAST tools(Burp, etc..), SCA tools (Software Composition Analysis), Secret Scanners’ and cloud security posture management tools ( Prisma cloud, Wiz ), and Container security scanners
• Ability to perform technical analysis of complex software, systems, and underlying infrastructure environments
• Good understanding of Application Security Posture Management tools, categorizing and prioritizing vulnerabilities based on the business context and validation
• Exception tracking, reporting, and drive to closure
• The ability to deliver to aggressive deadlines while working on complex projects across multiple groups and geographies
• Excellent collaboration and communication skills – the ability to learn swiftly, be a self-starter, and partner with cross-functional teams to gain trust and influence
• Proactive, accountable, autonomous, and solutions-oriented
• Bachelor’s degree or equivalent work experience and a high school diploma/GED

Preferred Qualifications:

• Experience with DevSecops, including secure CI/CD pipeline design and architecture, automation, and secure code gating
• Experience integrating security tools into CI/CD pipelines (i.e., Jenkins/Azure DevOps)
• Experience securing Linux server and container orchestration environments (Kubernetes)
• Good understanding of Windows server security
• Experience securing cloud IAAS and PAAS environments (Azure, Google Cloud, AWS)
• Experience with HashiCorp Vault, Consul, and Terraform
• Experience with Okta, Azure AD, OAuth 2.0, OIDC
• Knowledge of SonarQube, CodeQL, GitHub Actions, GitHub Advanced Security
• Experience establishing and utilizing measurements, processes, and metrics to manage support activities
• Experience with encryption technologies and methods
• Knowledge of mobile applications and device security (iOS/Android)
• Experience with C#, JavaScript, and Node.js development.
• Strong scripting skills (Python, PowerShell, Shell script)
• Values a diverse and inclusive work environment

Compensation Range

$92,000.00 - $203,900.00

The base pay range displayed on each job posting reflects the minimum and maximum base pay for the position across all U.S. locations. Your individual base pay within this range is determined by work location, which takes into account geographic cost of labor, and additional factors, including job-related skills, experience, and relevant education or training. During the hiring process, your recruiter will provide more details about the specific base pay for your location. Compensation details listed in this posting reflect the base pay only and do not include additional variable compensation.

Questioning if you meet the mark? Studies have shown that women and people of color may be less likely to apply unless they match the job description exactly. Here at C.H. Robinson, we’re building a diverse and inclusive workplace where all employees feel they belong. If this position excites you, we welcome you to apply whether you check all the preferred qualifications or just a few. You may just be our next great fit!

Equal Opportunity and Affirmative Action Employer

C.H. Robinson is proud to be an Equal Opportunity and Affirmative Action employer. We believe in equality for all and celebrate the diversity of our employees, customers and communities. We believe this increases creativity and innovation, drives business growth and enables engaged and thriving teams. We’re committed to providing an inclusive environment, free from harassment and discrimination, where all employees feel welcomed, valued and respected.

Why Do You Belong at C.H. Robinson?

Standing out among the world’s largest logistics platforms, C.H. Robinson solves logistics problems for companies across the globe and across industries, from the simple to the most complex. For 100+ years, our global suite of services has innovated trade to seamlessly deliver the products and goods that drive the world’s economy. With 20 million shipments annually for 100,000 customers, and millions of dollars contributed to support causes that matter to us, our people and technology literally move the world.

As a FORTUNE 200 company, FORTUNE has also named C.H. Robinson one of the World’s Most Admired Companies 2022. Headquartered in Eden Prairie, Minnesota, we are proud to be recognized as one of LinkedIn’s Top Companies in Minneapolis-St. Paul 2021. And we’re not stopping there… Join us as we collaborate, innovate, and work as one global team to make life better and more sustainable for our customers, communities, and world.