
Principal Application Security Engineer

Waste Management, Inc. (WM)
Posted 5 months ago, valid for 5 days
Location

Houston, TX 77203, US

Salary

Competitive

Contract type

Full Time

Life Insurance

By applying, a Waste Management, Inc. (WM) account will be created for you. Waste Management, Inc. (WM)'s Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

  • Waste Management is seeking a Principal Application Security Engineer to lead the application security strategy across the organization.
  • The role requires a minimum of seven years of relevant work experience and offers a competitive salary.
  • Candidates should possess a Bachelor's Degree in a related field or equivalent experience, along with certifications like CISSP or CISA.
  • Key responsibilities include implementing security tooling, embedding security practices in development workflows, and collaborating with cross-functional teams.
  • The position is primarily onsite in Houston, Texas, with a flexible work-from-home option on Fridays.

 

Waste Management is embarking on an ambitious, enterprise‑wide technology transformation designed to fuel our continued leadership in an industry rapidly evolving through innovation. We’re looking for exceptional Information Technology professionals who are energized by the opportunity to shape what the future of technology looks like at scale.


In this role, you won’t just support change, you’ll help build programs from the ground up, defining new standards and leading initiatives that modernize how we design, develop, and deploy technology across the business. Your technical expertise, paired with industry best practices, will directly influence how technology aligns with and advances our broader business strategy.

If you're driven to lead, innovate, and leave a lasting impact, you’ll find the opportunity to do your most meaningful work here. 

I. Job Summary

The Principal Application Security Engineer is responsible for defining and driving the application security strategy across the organization. This role ensures secure design and development practices are embedded within the software development lifecycle (SDLC) and DevSecOps pipelines. The architect will lead efforts to implement security tooling, establish reporting frameworks, and collaborate with developers, infrastructure teams, vendors, and security stakeholders to maintain a robust application security posture.

 
II. Duties and Responsibilities

To perform this job successfully, an individual must be able to perform each duty satisfactorily.  Other ancillary duties may be assigned. 

  • Lead the design and implementation of application security architecture and engineering across enterprise applications, partnering with software development, infrastructure, and platform teams to secure cloud-native and on-prem environments.
  • Embed security controls and best practices into CI/CD pipelines and DevSecOps workflows, driving adoption of secure coding standards and threat modeling across engineering teams.
  • Evaluate, implement, and operate application security tooling (e.g., SAST, DAST, IAST, container security and related capabilities), ensuring solutions are effective, scalable, and well-integrated.
  • Define, develop, and maintain application security metrics, reporting, and dashboards to provide visibility to leadership and key stakeholders.
  • Engage and collaborate with third-party vendors to assess and validate the security capabilities of applications and services.
  • Provide guidance and mentorship on application security standards, risk management, and compliance requirements to elevate security maturity across teams.
  • Participate in occasional off-hours support as needed to support troubleshooting or emerging threats.
  • Provides day-to-day management for the Information Protection function, responsible for security technologies utilized to protect WM's data and networks. 

  • Participates in WM's Information Security Office leadership team to drive innovative security solutions, and collaboration with other IT and global functions.

  • Responsible for managing the work environment, identifying workforce needs and ensuring performance against expectations, values and vision.

  • Manages security audit and intrusion detection system logs for system and network anomalies and provides highest level analysis.

  • Responds to unique, highly complicated, suspicious or malicious events detected through collection or reported by Help Desk or users.

  • Provides technically advanced remediation and application event support to IT operations and engineering teams.

  • Performs initial computer system forensic investigations and supports fraud investigations.

  • Provides top level analysis, design and support for log collection of firewalls, routers, networks and operating systems.

  • Communicates technical and event assessment results, evaluates engineering and integration initiatives and provides technical expertise to assess security policies, standards and guidelines.

  • Develops, collects and analyzes logs from firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.

  • Reviews and recommends the installation, modification or replacement of hardware or software components.

  • Identifies and addresses any configuration change(s) that impact event collection.

III. Supervisory Responsibilities

Will coach and mentor less experienced analysts and act as team leader on more complicated systems projects.

 
IV. Qualifications
 

A. Education and Experience

  • Education: Bachelor's Degree (accredited) in Computer Science, MIS, Business Administration or similar area of study or in lieu of degree, High School Diploma or GED (accredited) and four years of relevant work experience.  

  • Experience: Seven years of prior work experience (in addition to education requirement).

B.  Certificates, Licenses, Registrations or Other Requirements

 

One or more of the following is required:

  • Certified Information Systems Security Professional (CISSP).

  • Certified Information Systems Auditor (CISA).

  • Certified Information Security Manager (CISM).

C. Other Knowledge, Skills or Abilities Required

 

Technically advanced or in-depth knowledge or skills in one or more of the following is required:

  • Fortune 500 experience.

  • Deep understanding of application security principles and secure coding practices
  • Ability to design and implement security controls in CI/CD pipelines
  • Strong analytical and problem-solving skills with attention to detail
  • Excellent communication and collaboration skills to work with cross-functional teams
  • Ability to produce clear and actionable security reports and dashboards for stakeholders
  • Ability to create and deliver presentations targeted to either end users or senior management
  • Experience in several or more of the following application security technologies: SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing), SCA (Software Composition Analysis / open-source dependency scanning), API security (API discovery, auth testing, schema validation, runtime protection), RASP (Runtime Application Self-Protection), Pen-test automation / BAS for apps (continuous validation of controls) and SBOM (software bill of materials) & supply chain security provenance/attestation
  • Experience in the areas of change control, problem management, incident management, and troubleshooting security solutions
  • Ability to successfully handle multiple projects at one time
     
V. Work Environment

Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job. 

 
  • Normal setting for this job is: office setting

  • This position is required to be onsite Monday through Thursday at our downtown Houston HQ with a flexible work from home day on Fridays. 

 

Benefits
At Waste Management, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability, as well as a Stock Purchase Plan, Company match on 401K, and more! Our employees also receive Paid Vacation, Holidays, and Personal Days. Please note that benefits may vary by site.

 

If this sounds like the opportunity that you have been looking for, please click "Apply".


ABOUT WM

WM (WM.com) is North America's leading provider of comprehensive environmental solutions. Previously known as Waste Management and based in Houston, Texas, WM is driven by commitments to put people first and achieve success with integrity. The company, through its subsidiaries, provides collection, recycling and disposal services to millions of residential, commercial, industrial, medical and municipal customers throughout the U.S. and Canada. With innovative infrastructure and capabilities in recycling, organics and renewable energy, WM provides environmental solutions to and collaborates with its customers in helping them pursue their sustainability goals. WM has the largest disposal network and collection fleet in North America, is the largest recycler of post‑consumer materials and is a leader in beneficial use of landfill gas, with a growing network of renewable natural gas plants and the most landfill gas‑to‑electricity plants in North America. WM’s fleet includes more than 12,000 natural gas trucks – the largest heavy‑duty natural gas truck fleet in the industry in North America. Healthcare Solutions provides collection and disposal services of regulated medical waste, as well as secure information destruction services, in the U.S., Canada and Western Europe. To learn more about WM and the company’s sustainability progress and solutions, visit Sustainability.WM.com.

Equal Employment Opportunity

For United States:  WM is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran or any other characteristic protected under applicable federal, state, or local law.

For Canada:  WM is committed to the principle of equal employment for all applicants and employees, without discrimination on the basis of all grounds protected by applicable human rights legislation. Accommodations are available on request for candidates taking part in all aspects of the selection process. Please notify us if you require accommodation.

Real ID

In order to travel by air or access federal property, federal law requires individuals have a REAL ID or an acceptable alternative. This position may require the successful candidate to travel by air for business reasons or service federal property. Accordingly, successful candidates must have, or be willing to obtain, a REAL ID or TSA‑approved alternative.


What is the value of a WM job? At WM we know that the value of a WM job is more than a paycheck. It’s a way to create opportunities for you and your family. This is why we are constantly working to make WM a great place to work and grow a career. We Are WM is what defines the perks of being in the WM family – from benefits, to resources and engagement activities. 

We are People First. We are Committed to Your Growth. We Are Investing in You. We are a Family. We are Stable. We are Always Working for a Sustainable Tomorrow. 


