Principal Application Security Engineer

The Principal Application Security Engineer at Henry Schein is a pivotal role responsible for leading the application security program across various departments including research, development, quality assurance, support, and IT systems. This position requires a blend of high-level strategic thinking and hands-on technical expertise, necessitating a strong background in general security practices, application development, and secure coding methodologies. The engineer will be instrumental in shaping the security landscape of the organization by developing, implementing, and maintaining robust security protocols and practices. In this role, you will mentor junior engineers, guiding them through technical decisions and best practices while effectively communicating complex security concepts. You will also advise on the design of secure products and architectures, perform security reviews, and conduct security-focused code assessments. Your responsibilities will include creating and approving documentation that outlines the application security program, which encompasses secure coding policies, procedures, and standards, as well as modifying the Software Development Life Cycle (SDLC) to integrate necessary security checkpoints. You will work closely with engineering and product teams to design and implement security-related systems, ensuring that secure coding practices are adhered to and that threat models and risk assessments are verified. Continuous monitoring of software usage and conducting forensic analysis will be essential to ensure compliance with security standards. Additionally, you will stay abreast of developments in systems, web application, and client application security to guide the organization in adopting emerging standards and best practices. As a leader in the security domain, you will provide guidance and direction to various teams, influencing development, systems, support, and quality assurance efforts. Participation in public security projects and volunteering your expertise to enhance the broader security community will also be part of your responsibilities. You will attend necessary meetings to ensure the seamless delivery of products throughout the software development lifecycle.