Senior Information Technology Security Engr, Appl ...

Digi-Key is one of the fastest growing distributors of electronic components in the world. In addition to offering the broadest selection of in-stock electronic components and providing the best service possible to customers, employees have access to a highly competitive benefits package. The package includes a comprehensive health insurance plan featuring a low co-pay and no deductible plan as well as dental, vision, life, and long-term disability coverage; flexible spending accounts; competitive paid time off; relocation assistance; 401(k) and profit sharing; and education advancement. To learn more, visit our benefits and perks page.Position OverviewThe Sr. AppSec Security Engineer is responsible for driving maturity in SSDLC-based security policies, technologies, and processes including all aspects of the SAMM 2.0 framework (governance, construction, verification and deployment). This role will collaborate closely with Architecture, Platform Tooling, Site Reliability Engineering, Agile teams, Infrastructure, and the Security and Privacy team to set the strategy and execute on it. Further, this role will be responsible for validating, prioritizing and working with IT product teams to support them in remediation of vulnerabilities. We are looking for someone who can drive continuous inspection throughout DevOps and be a thought leader to deliver secure business outcomes.This role is expected to embrace change, be a change agent, and in a year from now have changed and automated so much of the role that this job description is no longer accurate. A second mid-level application security engineer role will be posted along with this role. The Sr. is expected to mentor and lead the mid-level. There is an opportunity to add offshore software development resources to the team as appropriate to further drive automation using an API driven approach.We are a security first shop and we leverage guidance from OWASP (The Open Web Application Security Project) to drive our team''s vision. Compliance will come as a biproduct of excellent security practices. This role will wear many hats and will have a material impact on security and privacy at Digi-Key, a 50 year old private Minnesotan company with strong ties to the community and exceptional growth opportunities in the market.This is a remote work opportunity with the need for occasional travel to the Bloomington, MN or Thief River Falls, MN offices.Responsibilities:Must be able to...Operations:Understand the current threat landscape and apply it to the environment using the resources we have or making recommendations to mature the programStrong understanding of the following and how to apply in practice:OWASP Top TenOWASP API Security Top 10OWASP Mobile Top 10OWASP Proactive ControlsOWASP SAMMPlanning:Contribute to roadmap planning efforts and ad hoc adjustments to identify new efforts to pursueCommunication:Use influence and be persuasive with new ideas to help the business meet its goalsPresent results to leaders, architects, product teams, and other internal customersWork with third parties (professional services, support, etc.)Work with scrum masters, IT managers, product owners, developers, testers, etc. to collaborate on securityDocumentation:Create, maintain, and socialize documentationDevelop and/or contribute to: security standards, requirements, and patterns (e.g., API Security Standard, Security Patterns and Reference Architectures, etc.)Nothing in this job description restricts management''s right to assign or reassign duties and responsibilities to this job at any time.Required Knowledge, Skills and Experience:Minimum/Essential Qualifications:Bachelor''s degree in Computer Science or a related field or equivalent work experienceCISSP, CISM, CISA, or equivalent certification4-8 years of experience in IT Security Engineering roles (2-4 years of experience specifically in application security role)Generally, spend the workday sitting at a workstation and operating computer devices, such as, but not limited to keyboard, mouse and screenGenerally, spend the workday performing repetitive motions that involve or affect the hands, head, and other parts of your bodyMust demonstrate the following behavioral competencies; analytical capacity, attention to detail, communication proficiency, continuous learning, customer/client focus, developing others, ethical conduct, information seeking, initiative, manages execution, personal effectiveness/credibility, positive attitude, problem solving, professionalism, project management, relationship building, thoroughness, and time managementPreferred Qualifications:Master''s degree in Computer Science or a related field or equivalent work experienceWorking knowledge of PCI-DSS and/or GDPR (General Data Protection Regulation)Digi-Key Electronics is an Equal Opportunity Employer. We encourage qualified minority, female, veteran and disabled, and other diverse candidates to apply and be considered for open positions.If you are an applicant with a disability and need a reasonable accommodation for any part of the employment process, please contact Human Resources at 1-800-338-4105 or [Click Here to Email Your Resumé].Equal Employment Opportunity is the LawEqual Employment Opportunity is the Law SupplementPay Transparency

Created: 2025-10-04