Remote Lead Cyber Security Engineer at Tyson Foods
Tyson Foods · Springdale, United States of America · Remote
- Senior
Internal Management & Management Support Applicants:
Automatic notification to your current manager will be initiated upon selection for interview. This applies to all current P or M level candidates.
Relocation Assistance Eligible:
No
Referral Payout Eligible:
Yes
Continue growing with our family.
Our team members make it happen. If you want to continue to grow in a new role internally and see a position that looks right for you, we encourage you to apply!
Thanks for your commitment to Tyson Foods.
Management Level:
P4
Lead the evaluation, design, and implementation of application security technologies, ensuring integration with CI/CD pipelines for automated security testing. Promote secure coding practices, develop and enforce secure coding guidelines (e.g. OWASP or SANS), and create comprehensive training materials for developers. Deliver training sessions on secure coding practices, threat modeling, and vulnerability management. Perform internal application security assessments, conduct penetration testing using tools like Burp Suite, OWASP ZAP, and Metasploit, and identify, report, and mitigate security vulnerabilities. Define and implement organization-wide security policies, standards, and procedures to incorporate security into all phases of the Software Development Life Cycle (SDLC). Collaborate with development teams to integrate security requirements into project plans using project management tools (e.g. JIRA or Confluence) to track progress and ensure timely delivery of security initiatives. Perform risk assessments using methodologies such as STRIDE or DREAD to prioritize security efforts based on business impact and likelihood of exploitation. Lead and participate in secure code reviews for critical applications, providing actionable feedback to developers and ensuring adherence to secure coding practices. Conduct detailed manual and automated code reviews, identifying security flaws and recommending remediation measures. Develop and enhance internal security tools, automating security testing, vulnerability scanning, and reporting. Create custom scripts and tools to streamline security processes and improve vulnerability management and reporting efficiency. Define and maintain base image hardening guidelines for containerized applications, collaborating with DevOps teams and using tools like Aqua Security and Twistlock to define security baselines and ensure containerized applications are secure.
Participate in incident response activities related to application security incidents, leading forensic analysis and root cause investigations, and coordinating with response teams to ensure timely remediation and prevention of future incidents. Provide training to development and DevOps teams on secure coding practices, threat awareness, and secure design principles, fostering a security-conscious culture within the organization. Organize regular workshops, training sessions, and security awareness programs to educate teams on the latest security practices and threats. Define and track key performance indicators (KPIs) for application security, monitor progress, report to management, and use metrics to drive continuous improvement. Develop and maintain dashboards and reports to measure security performance, identify trends, and drive improvements. Continuously assess and improve the organization's application security maturity, implementing industry best practices and frameworks (e.g. OWASP or SAMM). Regularly review and update security frameworks, conduct maturity assessments, and implement best practices to enhance the overall security posture. Position reports to Tyson headquarters in Springdale, AR; 100% telecommuting permitted from anywhere in the U.S. 10% Domestic and International travel required.
REQUIREMENTS:
Bachelor’s in Computer Science, Information Technology, Information Systems, Cyber or Technical Engineering, or a related field, and 7 years of experience in application security. Alternatively, will accept a Master’s degree in Computer Science, Information Technology, Information Systems, Cyber or Technical Engineering, or a related field, and 5 years of experience in application security.
Must have work experience in:
- Conducting regular security assessments using automated tools including SonarQube, Checkmarx, and Fortify and manual code reviews to identify security vulnerabilities;
- DevOps methodologies;
- Implementing and managing security tools including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Interactive Application Security Testing (IAST);
- Using Security Information and Event Management (SIEM) tools including Splunk, QRadar, or LogRhythm to monitor security incidents, respond to security alerts, and perform incident response activities;
- Web application vulnerabilities and business logic flaws;
- Standard Software Development Life Cycle practices; and
- Vulnerability tests, risk analysis, and remediation techniques.
Work Shift:
Tyson is an Equal Opportunity Employer. All qualified applicants will be considered without regard to race, national origin, color, religion, age, genetics, sex, sexual orientation, gender identity, disability or veteran status.
We provide our team members and their families with paid time off; 401(k) plans; affordable health, life, dental, vision and prescription drug benefits; and more.
CCPA Notice. If you are a California resident, and would like to learn more about what categories of personal information we collect when you apply for this job, and how we may use that information, please read our CCPA Job Applicant Notice at Collection.