Principal Application Security Engineer

Job Description Waste Management is embarking on an ambitious, enterprise-wide technology transformation designed to fuel our continued leadership in an industry rapidly evolving through innovation. We're looking for exceptional Information Technology professionals who are energized by the opportunity to shape what the future of technology looks like at scale. In this role, you won't just support change, you'll help build programs from the ground up, defining new standards and leading initiatives that modernize how we design, develop, and deploy technology across the business. Your technical expertise, paired with industry best practices, will directly influence how technology aligns with and advances our broader business strategy. If you're driven to lead, innovate, and leave a lasting impact, you'll find the opportunity to do your most meaningful work here. I. Job Summary The Principal Application Security Engineer is responsible for defining and driving the application security strategy across the organization. This role ensures secure design and development practices are embedded within the software development lifecycle (SDLC) and DevSecOps pipelines. The architect will lead efforts to implement security tooling, establish reporting frameworks, and collaborate with developers, infrastructure teams, vendors, and security stakeholders to maintain a robust application security posture. II. Duties and Responsibilities To perform this job successfully, an individual must be able to perform each duty satisfactorily. Other ancillary duties may be assigned. Lead the design and implementation of application security architecture and engineering across enterprise applications, partnering with software development, infrastructure, and platform teams to secure cloud-native and on-prem environments. Embed security controls and best practices into CI/CD pipelines and DevSecOps workflows, driving adoption of secure coding standards and threat modeling across engineering teams. Evaluate, implement, and operate application security tooling (e.g., SAST, DAST, IAST, container security and related capabilities), ensuring solutions are effective, scalable, and well-integrated. Define, develop, and maintain application security metrics, reporting, and dashboards to provide visibility to leadership and key stakeholders. Engage and collaborate with third-party vendors to assess and validate the security capabilities of applications and services. Provide guidance and mentorship on application security standards, risk management, and compliance requirements to elevate security maturity across teams. Participate in occasional off-hours support as needed to support troubleshooting or emerging threats. Provides day-to-day management for the Information Protection function, responsible for security technologies utilized to protect WM's data and networks. Participates in WM's Information Security Office leadership team to drive innovative security solutions, and collaboration with other IT and global functions. Responsible for managing the work environment, identifying workforce needs and ensuring performance against expectations, values and vision. Manages security audit and intrusion detection system logs for system and network anomalies and provides highest level analysis. Responds to unique, highly complicated, suspicious or malicious events detected through collection or reported by Help Desk or users. Provides technically advanced remediation and application event support to IT operations and engineering teams Performs initial computer system forensic investigations and supports fraud investigations. Provides top level analysis, design and support for log collection of firewalls, routers, networks and operating systems. Communicates technical and event assessment results, evaluates engineering and integration initiatives and provides technical expertise to assess security policies, standards and guidelines. Develops, collects and analyzes logs from firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools. Reviews and recommends the installation, modification or replacement of hardware or software components Identifies and addresses any configuration change(s) that impact event collection. III. Supervisory Responsibilities Will coach and mentor less experienced analysts and act as team leader on more complicated systems projects. IV. Qualifications A. Education and Experience Education: Bachelor's Degree (accredited) in Computer Science, MIS, Business Administration or similar area of study or in lieu of degree, High School Diploma or GED (accredited) and four years of relevant work experience. Experience: Seven years of prior work experience (in addition to education requirement). B. Certificates, Licenses, Registrations or Other Requirements One or more of the following is required: Certified Information Systems Security Professional (CISSP). Certified Information Systems Auditor (CISA). Certified Information Security Manager (CISM). C. Other Knowledge, Skills or Abilities Required Technically advanced or in-depth knowledge or skills in one or more of the following is required: Fortune 500 experience. Deep understanding of application security principles and secure coding practices Ability to design and implement security controls in CI/CD pipelines Strong analytical and problem-solving skills with attention to detail Excellent communication and collaboration skills to work with cross-functional teams Ability to produce clear and actionable security reports and dashboards for stakeholders Ability to create and deliver presentations targeted to either end users or senior management Experience in several or more of the following application security technologies: SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing), SCA (Software Composition Analysis / open-source dependency scanning), API security (API discovery, auth testing, schema validation, runtime protection), RASP (Runtime Application Self-Protection), Pen-test automation / BAS for apps (continuous validation of controls) and SBOM (software bill of materials) & supply chain security provenance/attestation Experience in the areas of change control, problem management, incident management troubleshooting security solutions Ability to handle successfully multiple projects at one time V. Work Environment Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job. Normal setting for this job is: office setting This position is required to be onsite Monday through Thursday at our downtown Houston HQ with a flexible work from home day on Fridays. Benefits At Waste Management, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability. As well as a Stock Purchase Plan, Company match on 401K, and more! Our employees also receive Paid Vacation, Holidays, and Personal Days. Please note that benefits may vary by site. If this sounds like the opportunity that you have been looking for, please click "Apply". About Us ABOUT WM WM (WM.com) is North America's largest comprehensive waste management environmental solutions provider. Previously known as Waste Management and based in Houston, Texas, WM is driven by commitments to put people first and achieve success with integrity. The company, through its subsidiaries, provides collection, recycling and disposal services to millions of residential, commercial, industrial and municipal customers throughout the U.S. and Canada. With innovative infrastructure and capabilities in recycling, organics and renewable energy, WM provides environmental solutions to and collaborates with its customers in helping them achieve their sustainability goals. WM has the largest disposal network and collection fleet in North America, is the largest recycler of post-consumer materials and is the leader in beneficial reuse of landfill gas, with a growing network of renewable natural gas plants and the most gas-to-electricity plants in North America. WM's fleet includes nearly 11,000 natural gas trucks - the largest heavy-duty natural gas truck fleet of its kind in North America - where more than half are fueled by renewable natural gas. To learn more about WM and the company's sustainability progress and solutions, visit Sustainability.WM.com. Equal Employment Opportunity For United States: WM is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran or any other characteristic protected under applicable federal, state, or local law. For Canada: WM is committed to the principle of equal employment for all applicants and employees, without discrimination on the basis of all grounds protected by applicable human rights legislation. Accommodations are available on request for candidates taking part in all aspects of the selection process. Please notify us if you require accommodation. Real ID In order to travel by air or access federal property, federal law requires individuals have a REAL ID or an acceptable alternative. This position may require the successful candidate to travel by air for business reasons, or service federal property. Accordingly, successful candidates must have, or be willing to obtain, a REAL ID, or TSA approved alternative. About the Team What is the value of a WM job? At WM we know that the value of a WM job is more than a paycheck. It's a way to create opportunities for you and your family. This is why we are constantly working to make WM a great place to work and grow a career. We Are WM is what defines the perks of being in the WM family - from benefits, to resources and engagement activities. We are People First. We are Committed to Your Growth. We Are Investing in You. We are a Family. We are Stable. We are Always Working for a Sustainable Tomorrow.

Created: 2026-03-04