Job description
Overview
Here at Discount Tire, we celebrate the spirit of our people with extraordinary pride and enthusiasm. Our business has been growing for more than 60 years and now is the best time in our history to join us. We are opening more locations every year and we are always looking for qualified individuals to join us in our growth. We are a company that promotes from within, both in our retail and corporate operations.
Under minimal supervision, the Senior Application Security Engineer plays a critical role in establishing and maturing Discount Tire’s enterprise application security program. Partners closely with our Enterprise Cybersecurity, Cloud Security, and Software Engineering teams to ensure that applications, APIs, and underlying infrastructure are securely designed, built, and operated. Drives security enablement across the software development lifecycle while also managing and improving our application security toolchain and automation pipelines.
Essential Duties and Responsibilities:
• Lead the establishment, implementation, and continuous improvement of the enterprise Application Security program.
• Manage and administer application security platforms including Fortify, Trivy, and Wiz.
• Develop and maintain processes for application vulnerability scanning, triage, and remediation tracking.
• Partner with DevOps and Engineering teams to integrate application security controls and tooling into CI/CD pipelines.
• Define standards and best practices for secure development, container hardening, and software composition analysis (SCA).
• Collaborate with Cloud Security and Infrastructure teams to ensure consistent coverage across workloads and environments.
• Prioritize and manage application vulnerability findings, working with product owners and development teams to validate and resolve issues.
• Build and maintain key performance indicators (KPIs) and metrics to measure program effectiveness and risk reduction.
• Coordinate and participate in security incident investigations involving application vulnerabilities or exploits.
• Serve as a subject matter expert and advocate for secure development practices across the enterprise.
• Contribute to enterprise risk assessments, audits, and compliance initiatives related to application security.
• Other duties as assigned.
Qualifications:
• This position requires a minimum of 5 years’ experience in Information Security with at focus on Application Security or DevSecOps.
• Hands-on experience administering and integrating security tools such as Fortify, Trivy, and Wiz.
• Strong understanding of application security principles, common vulnerabilities (OWASP Top 10, SANS CWE), and secure configuration practices.
• Experience automating security scans and controls within CI/CD pipelines (e.g., Bitbucket Pipelines, GitHub Actions, Jenkins, GitLab CI).
• Working knowledge of cloud platforms (AWS, Azure) and containerized environments (Docker, Kubernetes).
• Experience with vulnerability management, prioritization, and risk-based remediation workflows.
• Excellent communication and collaboration skills with the ability to influence technical and non-technical stakeholders.
• Demonstrated ability to operate independently in a greenfield or rapidly maturing environment.
• Strong analytical and problem-solving skills, with a focus on measurable risk reduction and program maturity.
Educational Requirements:
• Bachelor's degree in Computer Science, Information Security, or a related field or equivalent experience is required.
• This position requires certification within the Information Security or IAM fields or within six (6) months of hire. Okta certification is preferred
Work Days:
Normal work days are Monday through Friday. Occasional Saturdays and Sundays may be necessary.
Work Hours:
Normal work hours are 8:00 a.m. to 5:00 p.m. Additional hours may be necessary.
Discount Tire provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local law.
Requirements
• This position requires a minimum of 5 years’ experience in Information Security with at focus on Application Security or DevSecOps
• Hands-on experience administering and integrating security tools such as Fortify, Trivy, and Wiz
• Strong understanding of application security principles, common vulnerabilities (OWASP Top 10, SANS CWE), and secure configuration practices
• Experience automating security scans and controls within CI/CD pipelines (e.g., Bitbucket Pipelines, GitHub Actions, Jenkins, GitLab CI)
• Working knowledge of cloud platforms (AWS, Azure) and containerized environments (Docker, Kubernetes)
• Experience with vulnerability management, prioritization, and risk-based remediation workflows
• Excellent communication and collaboration skills with the ability to influence technical and non-technical stakeholders
• Demonstrated ability to operate independently in a greenfield or rapidly maturing environment
• Strong analytical and problem-solving skills, with a focus on measurable risk reduction and program maturity
• Bachelor's degree in Computer Science, Information Security, or a related field or equivalent experience is required
• This position requires certification within the Information Security or IAM fields or within six (6) months of hire
• Normal work hours are 8:00 a.m. to 5:00 p.m. Additional hours may be necessary
