
Description
Work Where You Matter: At Dollar General, our mission is Serving Others! We value each and every one of our employees. Whether you are looking to launch a new career in one of our many convenient Store locations, Distribution Centers, Store Support Center or with our Private Fleet Team, we are proud to provide a wide range of career opportunities. We are not just a retail company; we are a company that values the unique strengths and perspectives that each individual brings. Your difference truly makes a difference at Dollar General. How would you like to Serve? Join the Dollar General Journey and see how your career can thrive.
Company Overview:
Dollar General Corporation has been delivering value to shoppers for more than 80 years. Dollar General helps shoppers Save time. Save money. Every day.® by offering products that are frequently used and replenished, such as food, snacks, health and beauty aids, cleaning supplies, basic apparel, housewares and seasonal items at everyday low prices in convenient neighborhood locations. Learn more about Dollar General at www.dollargeneral.com/about-us.html.
Job Details: Responsible for managing the application security testing team and its mission to protect enterprise software and services against the introduction of exploitable vulnerabilities into the environment. This role is responsible for application security testing throughout the secure solution development lifecycle, collaborating with development and DevOps teams, and driving solution development practices. The ideal candidate is a big picture thinker with technical expertise in application security testing and a strong ability to influence cross-functional teams while recommending, designing, implementing, and administering application security testing services and controls to meet strategic information security objectives.
Duties & Responsibilities: What major responsibilities does this position have and what percentage of time is spent on completing them? (Typically 5 – 7)
- Lead secure code reviews and manage static testing (SAST) and dynamic testing (DAST) for in-house and third-party applications – to include coordination of reporting and remediation efforts with development teams. Provide guidance and training to developers on secure coding techniques and tools. 40%
- Integrate security best practices into the secure solution development lifecycle (SSDLC) and CI/CD pipelines by collaborating with product and engineering teams to embed effective security control requirements early in project planning. 20%
- Develop, implement, and maintain an enterprise-wide application security testing program. 15%
- Maintain appropriate operational performance metrics which clearly demonstrate the effectiveness and efficiency of the application security testing program. 15%
- Define and enforce application security policies, standards, and controls. 5%
- Monitor emerging threats, vulnerabilities, and industry trends to ensure proactive security improvements. 5%
Knowledge, Skills and Abilities (KSAs): What KSAs are required to perform this job?
- Strong understanding of current and emerging application security and general information security best practices, technologies, techniques, trends, threats, and countermeasures, to include application security aspects related to cloud technologies.
- Very strong, effective written, oral and interpersonal communication skills. Able to communicate technical and non-technical issues across multiple levels. Able to build effective relationships and spheres of influence to negotiate effective and timely risk remediation actions, partner obligations, and internal commitments.
- Strong, hands-on experience performing static application security tests (SAST) and dynamic application security tests (DAST) using commercial and non-commercial tools, automated and manual testing methods, etc.
- Deep understanding of effective, pragmatic application security controls and related industry (e.g. OWASP Top 10, SANS CWE) best practices across web, mobile, and API solutions; risk management and compliance strategies and techniques; and applicable regulatory requirements.
- Deep understanding in application security testing methods (e.g., SAST, DAST, IAST, SCA).
- Strong familiarity with development frameworks and programming/scripting languages (e.g., Java, JavaScript, Python, .NET, etc.).
- Strong understanding of DevSecOps principles, CI/CD tools (e.g. Jenkins, GitLab), and cloud-native application security (Azure, GCP, OCI).
- Solid understanding of Agile and Waterfall development methodologies and the efficient and effective integration of application security design and testing processes.
- Ability to manage and mentor a team of security professionals.
- Able to maintain ongoing awareness of emerging threats, trends, and techniques used by threat actors in an evolving risk climate. Ability to learn and retain new skills to adapt to evolving business, technical, risk, and security needs.
- Ability to work occasionally during non-standard shifts, in an on-call capacity, and able to travel as needed (up to 5%).
Qualifications:
- College degree in information security or related field or equivalent experience in information security with a minimum of 7 years current/recent application security experience required.
- Active CISSP, CSSLP, GWAPT, GWEB, GCPN, CASE, OSWE, GEVA certification(s) preferred.
- 5-7 years extensive hands-on experience in static and dynamic application security testing using a variety of manual testing methods, commercial and non-commercial tools, best-practice security frameworks (e.g., OWASP ASVS), etc.
- 3-5 years of experience with host operating systems, networking principles, web application firewalls and associated security controls; network/system vulnerability scanning tools.