Staples Senior Application Security Engineer in Westminster, Colorado



An Application Security Engineer has responsibility for (1) helping development teams adopt security-focused steps and standards into their Software Development Lifecycle (SDLC) and (2) supporting deployed security testing tools and aiding development teams in examining the relevance of their results. In this role you will partner with IT Product Teams to encourage their focus on security and guide their remediation of identified scan vulnerabilities.


  • Assist with the evaluation, on-boarding, and management of applications and development teams to the security program

  • Manage vulnerability discovery and remediation efforts from sources like static, dynamic, and open-source web application testing technologies and report on their success

  • Collaborate with internal partners to address security issues and roll out secure development practices

  • Work closely with development teams to assist with the remediation and risk identification processes

  • Support product teams to meet regular scanning requirements for application security and for assessing PCI compliance

  • Assist and enable the Application Security team in the creation of analytical outputs on the general and specific risk profiles of Staples’ applications

  • Deploy and maintain application security tools and services

  • Assist to enable automated security testing at scale to measure vulnerability density across the organization



  • Bachelor’s degree

  • 5+ years of web or mobile software development experience (Java, C#, JS, Node, etc.)

  • Familiarity with application security concerns and secure coding practices

  • Experience working with Agile development methodologies

  • Superb analytic and problem-solving skills

  • Strong written and oral communication skills

  • A willingness to learn and grow knowledge in the field of application/information security


  • Hands-on application security assessment experience using industry standard DAST/SAST tools (IBM AppScan, Checkmarx, etc.)

  • Industry training in web application defense or similar

  • Certification in the above a plus

  • Knowledge of OWASP, SANS or other security-related standards

  • Experience with automated security scanning and CI/CD pipeline integration a plus

Staples is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other basis protected by federal, state, or local law.