WM India · 5 hours ago
Principal Application Security Engineer
WM is North America’s largest comprehensive waste management environmental solutions provider, and they are seeking a Principal Application Security Engineer to define and drive the application security strategy across the organization. This role involves ensuring secure design and development practices within the software development lifecycle and collaborating with various teams to maintain a robust application security posture.
Information Technology & Services
Responsibilities
Lead the design and implementation of application security architecture and engineering across enterprise applications, partnering with software development, infrastructure, and platform teams to secure cloud-native and on-prem environments
Embed security controls and best practices into CI/CD pipelines and DevSecOps workflows, driving adoption of secure coding standards and threat modeling across engineering teams
Evaluate, implement, and operate application security tooling (e.g., SAST, DAST, IAST, container security and related capabilities), ensuring solutions are effective, scalable, and well-integrated
Define, develop, and maintain application security metrics, reporting, and dashboards to provide visibility to leadership and key stakeholders
Engage and collaborate with third-party vendors to assess and validate the security capabilities of applications and services
Provide guidance and mentorship on application security standards, risk management, and compliance requirements to elevate security maturity across teams
Participate in occasional off-hours support as needed to support troubleshooting or emerging threats
Provides day-to-day management for the Information Protection function, responsible for security technologies utilized to protect WM's data and networks
Participates in WM's Information Security Office leadership team to drive innovative security solutions, and collaboration with other IT and global functions
Responsible for managing the work environment, identifying workforce needs and ensuring performance against expectations, values and vision
Manages security audit and intrusion detection system logs for system and network anomalies and provides highest level analysis
Responds to unique, highly complicated, suspicious or malicious events detected through collection or reported by Help Desk or users
Provides technically advanced remediation and application event support to IT operations and engineering teams
Performs initial computer system forensic investigations and supports fraud investigations
Provides top level analysis, design and support for log collection of firewalls, routers, networks and operating systems
Communicates technical and event assessment results, evaluates engineering and integration initiatives and provides technical expertise to assess security policies, standards and guidelines
Develops, collects and analyzes logs from firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools
Reviews and recommends the installation, modification or replacement of hardware or software components
Identifies and addresses any configuration change(s) that impact event collection
Qualification
Required
Education: Bachelor's Degree (accredited) in Computer Science, MIS, Business Administration or similar area of study or in lieu of degree, High School Diploma or GED (accredited) and four years of relevant work experience
Experience: Seven years of prior work experience (in addition to education requirement)
One or more of the following is required: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)
Technically advanced or in-depth knowledge or skills in one or more of the following is required: Fortune 500 experience
Deep understanding of application security principles and secure coding practices
Ability to design and implement security controls in CI/CD pipelines
Strong analytical and problem-solving skills with attention to detail
Excellent communication and collaboration skills to work with cross-functional teams
Ability to produce clear and actionable security reports and dashboards for stakeholders
Ability to create and deliver presentations targeted to either end users or senior management
Experience in several of the following application security technologies: SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing), SCA (Software Composition Analysis / open-source dependency scanning), API security (API discovery, auth testing, schema validation, runtime protection), RASP (Runtime Application Self-Protection), Pen-test automation / BAS for apps (continuous validation of controls), and SBOM (software bill of materials) & supply chain security provenance/attestation
Experience in the areas of change control, problem management, incident management, and troubleshooting security solutions
Ability to successfully handle multiple projects at one time
Benefits
Medical
Dental
Vision
Life Insurance
Short Term Disability
Stock Purchase Plan
Company match on 401K
Paid Vacation
Holidays
Personal Days
Company
WM India
WM India, established in 2013, is the Global Capability Center of WM—North America’s leading environmental services company.
H1B Sponsorship
WM India has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (1)
2023 (3)
2022 (3)
2020 (4)
Funding
Current Stage
Late Stage
Company data provided by Crunchbase