Lead Cyber Security Engineer
Tyson Foods
Certain roles at Tyson require background checks. If you are offered a position that requires a background check you will be provided additional documentation to complete once an offer has been extended.
Job Details:
Lead the evaluation, design, and implementation of application security technologies, ensuring integration with CI/CD pipelines for automated security testing. Promote secure coding practices, develop and enforce secure coding guidelines (e.g. OWASP or SANS), and create comprehensive training materials for developers. Deliver training sessions on secure coding practices, threat modeling, and vulnerability management. Perform internal application security assessments, conduct penetration testing using tools like Burp Suite, OWASP ZAP, and Metasploit, and identify, report, and mitigate security vulnerabilities. Define and implement organization-wide security policies, standards, and procedures to incorporate security into all phases of the Software Development Life Cycle (SDLC). Collaborate with development teams to integrate security requirements into project plans using project management tools (e.g. JIRA or Confluence) to track progress and ensure timely delivery of security initiatives. Perform risk assessments using methodologies such as STRIDE or DREAD to prioritize security efforts based on business impact and likelihood of exploitation. Lead and participate in secure code reviews for critical applications, providing actionable feedback to developers and ensuring adherence to secure coding practices. Conduct detailed manual and automated code reviews, identifying security flaws and recommending remediation measures. Develop and enhance internal security tools, automating security testing, vulnerability scanning, and reporting. Create custom scripts and tools to streamline security processes and improve vulnerability management and reporting efficiency. Define and maintain base image hardening guidelines for containerized applications, collaborating with DevOps teams and using tools like Aqua Security and Twistlock to define security baselines and ensure containerized applications are secure. 
Participate in incident response activities related to application security incidents, leading forensic analysis and root cause investigations, and coordinating with response teams to ensure timely remediation and prevention of future incidents. Provide training to development and DevOps teams on secure coding practices, threat awareness, and secure design principles, fostering a security-conscious culture within the organization. Organize regular workshops, training sessions, and security awareness programs to educate teams on the latest security practices and threats. Define and track key performance indicators (KPIs) for application security, monitor progress, report to management, and use metrics to drive continuous improvement. Develop and maintain dashboards and reports to measure security performance, identify trends, and drive improvements. Continuously assess and improve the organization's application security maturity, implementing industry best practices and frameworks (e.g. OWASP or SAMM). Regularly review and update security frameworks, conduct maturity assessments, and implement best practices to enhance the overall security posture. Position reports to Tyson headquarters in Springdale, AR; 100% telecommuting permitted from anywhere in the U.S. 10% Domestic and International travel required.
REQUIREMENTS:
Bachelor’s in Computer Science, Information Technology, Information Systems, Cyber or Technical Engineering, or a related field, and 7 years of experience in application security. Alternatively, will accept a Master’s degree in Computer Science, Information Technology, Information Systems, Cyber or Technical Engineering, or a related field, and 5 years of experience in application security.
Must have work experience in:
- Conducting regular security assessments using automated tools including SonarQube, Checkmarx, and Fortify and manual code reviews to identify security vulnerabilities;
- DevOps methodologies;
- Implementing and managing security tools including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Interactive Application Security Testing (IAST);
- Using Security Information and Event Management (SIEM) tools including Splunk, QRadar, or LogRhythm to monitor security incidents, respond to security alerts, and perform incident response activities;
- Web application vulnerabilities and business logic flaws;
- Standard Software Development Life Cycle practices; and
- Vulnerability tests, risk analysis, and remediation techniques.
Relocation Assistance Eligible:
No
Work Shift:
Hourly Applicants ONLY - You must complete the task after submitting your application to provide additional information to be considered for employment.
Tyson is an Equal Opportunity Employer. All qualified applicants will be considered without regard to race, national origin, color, religion, age, genetics, sex, sexual orientation, gender identity, disability or veteran status.
We provide our team members and their families with paid time off; 401(k) plans; affordable health, life, dental, vision and prescription drug benefits; and more.
If you would like to learn more about your data privacy rights and how you may use that information, please read our Job Applicant Privacy Notice here.
Unsolicited Assistance: Tyson Foods and its subsidiaries do not accept unsolicited support from external recruitment vendors for open positions within the United States. Any resumes or candidate profiles submitted by recruitment vendors or headhunters to any employee or applicant tracking system at Tyson Foods or its subsidiaries, without a valid written request and search agreement approved by HR, will be considered the property of Tyson Foods. No fees will be paid if the candidate is hired due to an unsolicited referral.

















