
Wm
Leading provider of comprehensive waste management services across North America.
Principal Application Security Engineer
Define and drive application security strategy, embed controls in SDLC and DevSecOps.
Job Highlights
About the Role
The Principal Application Security Engineer will define and drive the organization’s application security strategy, embedding secure design and development practices into the software development lifecycle and DevSecOps pipelines while collaborating with developers, infrastructure teams, vendors, and security stakeholders. Key duties include designing security architecture for cloud‑native and on‑prem applications, integrating security tools such as SAST, DAST, and IAST into CI/CD pipelines, establishing metrics and dashboards for leadership visibility, and providing mentorship and incident‑response support. The role also manages information‑protection technologies, participates in the Information Security Office leadership team, oversees audit and intrusion‑detection logs, conducts forensic investigations, and guides configuration changes to maintain a robust security posture.
- Lead design and implementation of application security architecture across enterprise applications.
- Embed security controls and secure coding standards into CI/CD pipelines and DevSecOps workflows.
- Evaluate, implement, and operate application security tools (SAST, DAST, IAST, container security, etc.).
- Develop and maintain security metrics, reporting dashboards, and visibility for leadership.
- Collaborate with third‑party vendors to assess and validate application security capabilities.
- Mentor teams on security standards, risk management, and compliance requirements.
- Provide off‑hours support for troubleshooting and emerging security threats.
- Manage information protection technologies, audit logs, and forensic investigations.
- Participate in the Information Security Office leadership to drive innovative security solutions.
- Coach and mentor less‑experienced analysts and lead complex systems projects.
Key Responsibilities
- security architecture
- ci/cd security
- security tools
- metrics dashboard
- incident response
- audit logs
What You Bring
Waste Management is undergoing an enterprise‑wide technology transformation to maintain its leadership in a rapidly evolving industry. The company is seeking exceptional IT professionals who want to shape the future of technology at scale. Candidates must have a bachelor’s degree (or equivalent experience) and at least seven years of relevant work, with certifications such as CISSP, CISA, or CISM, and deep expertise in application security principles, secure coding practices, and a range of security testing tools.
- Bachelor’s degree in Computer Science, MIS, Business Administration, or equivalent experience.
- Minimum seven years of relevant work experience.
- Hold a CISSP, CISA, or CISM certification (or one of these).
- Deep knowledge of application security principles and secure coding practices.
- Experience with SAST, DAST, IAST, SCA, API security, RASP, SBOM, and supply‑chain security tools.
- Ability to design security controls in CI/CD pipelines and produce clear, actionable reports and dashboards.
- Strong analytical, problem‑solving, communication, and collaboration skills.
- Proven ability to manage multiple concurrent projects.
Requirements
- bachelor's
- cissp
- appsec
- sast
- ci/cd
- problem solving
Benefits
Based onsite in Houston Monday‑through‑Thursday with a flexible Friday, the position offers a competitive total compensation package that includes medical, dental, vision, life insurance, short‑term disability, a 401(k) match, stock purchase plan, paid vacation, holidays, and personal days, all within a people‑first, sustainable culture.
- Medical, dental, vision, life insurance, and short‑term disability coverage.
- 401(k) match and employee stock purchase plan.
- Paid vacation, holidays, and personal days.
- Flexible work‑from‑home day on Fridays.
- Onsite work Monday‑Thursday at Houston headquarters.
Work Environment
Office Full-Time