Senior Security Engineer, DevSecOps

At Bath & Body Works, everyone belongs. We are committed to creating a culture of belonging focused on delivering exceptional fragrances and experiences to our customers. We focus on recruiting, retaining, and advancing top talent. In addition, we work to improve our communities and our planet to help the world live more fully.

As aSenior Application Security Engineer, you will play a pivotal role in shaping the growth of Information Security's (InfoSec) Application Security team, collaborating with engineering teams across all of IT. You will interact with teams early in their processes to define & provide secure technical solutions and establish security standards and pattens. You will be reporting to a Senior Manager on the Governance Risk and Compliance team.

Your responsibilities will include penetration testing, threat modeling, and code reviews. You will also participate in evaluation and integration of DevSecOps tools.

As a key member of the team, you will drive company-wide projects across diverse tech stacks, working with engineering leaders to remediate security challenges. You will define and evolve the technical vision for scaling application security practices across the organization.

This is a remote role.

Responsibilities:

• Lead company-wide security initiatives to address critical security challenges.
• Design and integrate security frameworks into CI/CD pipelines, especially with GitLab.
• Manage the Advanced Container Security (ACS) module within Red Hat OpenShift running on Azure.
• Build and nurture cross-company relationships to achieve security objectives.
• Provide guidance on product security processes and standards.
• Define and expand partnerships with key engineering teams across Bath and Body Works.
• Research and evaluate new technologies to enhance the company's security posture.
• Identify potential threats and vulnerabilities in our systems and data, as well as help develop and implement solutions to safeguard them.
• Enable cross-functional teams to implement security solutions aligned with Trust-by- Design principles.
• Contribute to security education and awareness programs by preparing and delivering training materials across the company.
• Shape strategies to automate and scale application and product security efforts.

Qualifications

Experience:

• 5 years of professional experience in cybersecurity, with a deep background in application development and application security, data encryption, and compliance with security standards, as well as knowledge of network and cloud security.
• Experience in software and infrastructure architecture with a focus on security.
• Extensive experience with common code and network vulnerabilities, their impacts, and remediation strategies.
• Background in writing code in at least one programming language, such as Java, Golang, or C#, and a scripting language like Bash or Python.
• Applied knowledge of cryptography, PKI, TLS, and practical implementations.
• Experience with threat modeling and Secure Software Development Life Cycles.
• Experience operationalizing the discovery of code-level vulnerabilities and improving secure coding practices.
• Experience scanning containers and integrating CI/CD platforms with security tools such as Burpsuite, Checkmarx, Veracode, Webinspect.

*Note: The candidate must pass a coding test.

Education:

• Bachelor’s degree or equivalent experience

Core Competencies:

• Lead with Curiosity & Humility
• Build High Performing Teams for Today & Tomorrow
• Influence & Inspire with Vision & Purpose
• Observe, Engage & Connect
• Strive to Achieve Operational Excellence
• Deliver Business Results

Benefits:

Bath & Body Works associates are the heart of our business. That’s why we’re proud to offer benefits that empower you to Dream Bigger & Live Brighter. Benefits for eligible associates include:

• Robust medical, pharmacy, dental and vision coverage. Plus, access to our onsite wellness center and pharmacy located at the Columbus, OH home office.
• 401k with company match and Associate Stock Purchase program with discount
• No-cost mental health and wellbeing support through our Employee Assistance Program (EAP)
• Opportunity for paid time off and paid parental leave. Plus, access to family and lifestyle programs including an inclusive family building benefit, childcare discounts, and home, auto and pet insurance.
• Tuition reimbursement and scholarship opportunities for post-secondary education programs
• 40% merchandise discount and gratis that encourages you to come back to your senses!

Visit bbwbenefits.com for more details.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties and skills required.

We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws. Please see links: Los Angeles Fair Chance In Hiring Ordinance, Philadelphia Fair Chance Law, San Francisco Fair Chance Ordinance.

We are an equal opportunity employer. We do not make employment decisions based on an individual’s race, color, religion, gender, gender identity, national origin, citizenship, age, disability, sexual orientation, marital status, pregnancy, genetic information, protected veteran status or any other legally protected status, and we comply with all laws concerning nondiscriminatory employment practices. We are committed to providing reasonable accommodations for associates and job applicants with disabilities. Our management team is dedicated to ensuring fulfillment of this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, associate activities and general treatment during employment.We only hire individuals authorized for employment in the United States.

Application window will close when all role(s) are filled.