UNFI · 4 hours ago
Cybersecurity Engineer Sr- Application Security
UNFI is seeking a Senior Cybersecurity Engineer specializing in Application Security to protect their software applications from threats. The role involves embedding security practices into the software development lifecycle and collaborating with various teams to identify vulnerabilities and promote a culture of security.
Food and Beverage · Health Care · Hospitality · Organic Food
Responsibilities
Conduct security-focused code reviews, static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and interactive application security testing (IAST)
Triage and prioritize findings from automated security scans and penetration testing results; provide actionable remediation guidance to developers
Collaborate with software development teams to integrate security tools and best practices into CI/CD pipelines (e.g., secret scanning, dependency checking, secure coding standards)
Develop and maintain security tools, scripts, frameworks, and automation to scale application security efforts
Support vulnerability assessments, penetration testing, and red team exercises on applications
Provide security consulting and training to development teams on secure coding practices, common vulnerabilities (e.g., OWASP Top 10), and emerging threats
Monitor emerging application security trends, vulnerabilities (e.g., CVEs), and attack techniques; contribute to incident response when application exploits occur
Ensure applications align with relevant standards and regulations (e.g., NIST, OWASP, PCI-DSS, SOC 2)
Create and update security documentation, policies and threat models as needed
Compile and analyze data for management reporting and metrics as directed
Demonstrate expert-level knowledge and skills in the technical, process, organizational, and philosophical aspects of application security
Perform other duties as assigned
Qualifications
Required
BA/BS in Computer or Cybersecurity domain
Relevant certifications such as OSCP, GWAPT, CSSLP, CEH, CISSP, or cloud security certs (e.g., AWS Security Specialty)
6+ years of experience in application security, secure software development, penetration testing, or related cybersecurity roles, in a large, highly diverse, and distributed environment
Strong understanding of web application vulnerabilities, OWASP Top 10, and secure coding principles
Proficiency in one or more programming languages (e.g., Python, Java, JavaScript, C#)
Hands-on experience with AppSec tools such as: SAST: Snyk, Veracode, SonarQube, Checkmarx, CodeQL; DAST: Snyk, OWASP ZAP, Burp Suite, Veracode; SCA: Snyk, Dependabot, Black Duck, OWASP Dependency-Check; Other: Wiz, GitHub Advanced Security, or similar
Familiarity with cloud platforms (AWS, Azure, GCP) and container/orchestration technologies (Docker, Kubernetes)
Experience with DevSecOps practices and integrating security into CI/CD pipelines
Knowledge of secure SDLC methodologies, threat modeling (e.g., STRIDE, PASTA), and secure design patterns
Excellent written, verbal, and interpersonal communication skills – able to explain technical security issues to non-technical stakeholders and collaborate effectively with developers
Analytical mindset with strong problem-solving abilities
Proactive, detail-oriented, and able to manage multiple priorities
Ability to translate technical findings into actionable insights
Ability to mentor junior staff and transfer technical knowledge as well as contribute to the team's knowledge sharing
Strong independent direction and ability to multi-task
Flexible and adaptable to learning and understanding new technologies
Ability to work extremely well under pressure while maintaining a professional image and approach
Team player with proven ability to work effectively with other business units, IT management and staff, vendors, and consultants
Exceptional information analysis abilities: ability to perform independent analysis and distill relevant findings and root cause
Comfortable discussing complex findings and issues with a variety of audiences, including C-suite level
Self-driven and able to meet deadlines on time with minimal direction
Passion for cybersecurity and staying current with evolving threats
Benefits
Paid Time Off
Sick Time
Paid holidays and parental leave
401K Program
Medical, dental, vision, life, and accidental death/dismemberment insurance
Short-term and long-term disability insurance program
Flexible Spending Account and/or Health Savings Account
Company
UNFI
UNFI is North America’s Premier Food Wholesaler.
H1B Sponsorship
UNFI has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (6)
2024 (2)
2023 (4)
2022 (4)
Funding
Current Stage: Public Company
Total Funding: $507.1M
2024-04-25 · Post Ipo Debt · $500M
2014-07-15 · Post Ipo Equity · $7.1M
1996-11-01 · IPO
Recent News
Digital Commerce 360
2025-12-17
Company data provided by crunchbase