Our vision is to transform how the world uses information to enrich life for . Micron Technology is a world leader in innovating memory and storage solutions that accelerate the transformation of information into intelligence, inspiring the world to learn, communicate and advance faster than ever. JR44563 Application Security Engineer Application Security Engineer Job Description For more than 45 years, Micron's teams of innovators and scientists have redefined innovation-designing and building some of the world's most sophisticated memory and semiconductor technologies. Securing software development plays a meaningful role within Global Security in protecting our intellectual property. Micron's IT team is a distributed team who are passionate about enabling company success by delivering high business value solutions. Within IT, we build security capabilities as well as educates and guides global teams to secure development in all types of workloads and environments both on premise and in our public and private clouds in a scalable way for our worldwide enterprise. Key Responsibilities Technical Leadership We serve as a mentors and authorities in the application security domain by leading efforts to further define and improve our application security strategy and secure SDLC processes. We provide industry standard methodology for secure coding practices, threat modeling, and other aspects of application and platform security. Mentoring and guiding security champions embedded throughout the development teams is a core focus for the team, and we take that trust very seriously. We also act as a voice for the development community into Global Security to help ensure that the potential impact of changes is well understood. Engineering Solutions We are engineers and as such we build things. Some examples of this are bringing automation of security tools in CICD pipelines, building reference solutions that apply security tools correctly, and developing proof-of-concept exploit code to gauge our exposure of confirmed vulnerabilities. We provide measured and prescriptive guidance by prioritizing security issues relative to identified vulnerabilities, risk, and business objectives. Continued Education Application security is an ever-evolving field, so we need to maintain the team both technically and intellectually. We accomplish this through maintaining awareness of emerging domain appropriate application vulnerabilities, maintaining proficiency in emerging development practices and platforms, and maintaining expertise, certifications, and credentials through training, conferences, and professional organization membership. Skills and Proficiencies : Strong interpersonal skills and experience collaborating with developers and leadership to promote secure SDLC Proven foundations in software engineering in multiple languages and frameworks Experience with SAST, DAST, SCA, and related application security tools Comfortable switching contexts between red, blue, and development perspectives Strong sense of personal accountability and dedication to team success Deep understanding of OWASP Top 10 and CWE 25 with experience in implementing and integrating remediation strategies High-Level Knowledge of security concepts in the various security domains including, but not limited to, authentication, authorization, testing, and cryptography Strong problem solving and analytical skills with a proven record of resolving system-level issues Differentiators Cloud and containerized development and deployment Application architecture and software design principles with the ability to perform application security design reviews Experience with open-source software and licensing concerns Excellent ability to coordinate multiple efforts and see solutions to their conclusion Ability to be self-directed and a fast learner with flexibility to support new technologies and legacy applications Ability to react to fast paced and dynamic environments Education and Experience: Bachelor's Degree or equivalent experience in Computer Science or related course of study Must have 2+ years of experience in application security or related field
