Application & Web Security Specialist
On-site
Full Time
#Information Security
#Web
#OOP
#Security
#PCI
#HIPAA
#DAST
#SAST
#Vulnerability Management
#Penetration Testing
We are currently looking for a Senior Application and Web Security Specialist to join our Information Security team on a full-time, on-site basis in the United States. Our team is dedicated to protecting the integrity, confidentiality, and availability of data across the entire Dillard’s enterprise. We pride ourselves on being a high-performing group that values collaboration, open communication, and a shared commitment to excellence. As a member of this team, you will act as a security consultant to our developers, helping to identify risks and validate remediation efforts while gaining deep exposure to our diverse technology stack.
Key outcomes
- Evaluate current web and application solutions to identify potential security risks.
- Integrate robust security controls directly into our Software Development Lifecycle.
- Facilitate regular meetings with development and security leadership to align on our security posture and future strategy.
- Support development teams by verifying vulnerabilities and assisting with remediation efforts derived from automated scanners and manual penetration testing.
- Perform penetration tests on web environments and code following significant updates.
- Ensure all security measures remain compliant with relevant laws, regulations, and internal policies to mitigate audit risks.
- Educate IT staff and developers on security concepts, including risk-based coding and OWASP best practices.
- Manage the Software Bill of Materials and oversee the security and monitoring of in-house APIs.
- Participate in the Information Security team's on-call rotation.
Requirements
- Strong understanding of web architectures, including Apache, WebSphere, CDN, OCP, Docker, Next.js, and React.
- Proficiency in reading, reviewing, and analyzing Object-Oriented Programming languages within production environments.
- Proven experience with DAST and SAST security tools.
- Familiarity with regulatory frameworks such as PCI, HIPAA, Sarbanes-Oxley, and state privacy laws.
- Demonstrated ability to design processes and solutions that reduce technical risk while improving operational efficiency.
- Excellent communication and interpersonal skills, combined with a history of sound decision-making.
- A strong commitment to ethical behavior and full disclosure.
- Fluency in English.
- Please note that we are unable to provide immigration sponsorship for this role.
How to apply
If you are a proactive professional who enjoys solving complex security challenges and collaborating with a dedicated team, we invite you to submit your application. We look forward to reviewing your qualifications and discussing how your expertise can contribute to our security initiatives.
Dillards