Principal Application Security Engineer

The Principal Application Security Engineer at Henry Schein is a pivotal role responsible for leading the application security program across various departments including research, development, quality assurance, support, and IT systems. This position requires a blend of high-level strategic thinking and hands-on technical expertise, making it essential for candidates to possess extensive experience in both general security and application development, particularly in secure coding practices. The role is designed for a seasoned professional who can navigate complex security challenges while mentoring junior engineers and influencing technical decisions within the organization. In this role, you will be tasked with advising on the design of secure products and architectures, performing architecture security reviews, and conducting security-focused code reviews. You will also be responsible for creating and approving documentation that outlines the application security program, which includes developing secure coding policies and modifying the Software Development Life Cycle (SDLC) to incorporate necessary security checkpoints. Your ability to evaluate potential security issues and recommend third-party tools will be crucial in maintaining the integrity of the application security framework. Collaboration is key in this position, as you will work closely with engineering and product teams to design and implement security-related systems and functionalities. This includes writing secure code and verifying threat models to assess risk and security posture. Continuous monitoring of software usage and performing forensics to ensure compliance with security standards will also be part of your responsibilities. Staying abreast of developments in systems, web application, and client application security will enable you to provide direction on security trends and anticipate emerging standards. As a leader, you will guide security resources and influence development, systems, support, and quality assurance teams. Participation in public security projects and volunteering your expertise to enhance the broader security community will be encouraged, aligning with the company's mission and goals. You will also attend necessary meetings to ensure seamless product delivery as part of the software development lifecycle.