Engineer Sr., Application Security

The Sr. Application Security Engineer at is responsible for implementing, operating, and maintaining software security capabilities for Carnival’s global brands in a digital, cloud-based environment. This role involves the implementation of software security controls, development of scripts and APIs to automate security governance, and the development of cloud infrastructure to support Application Security services. The Sr. Application Security Engineer will work virtually with development and operations teams across our global brands to advance a security culture that empowers Carnival to produce features and digital experiences that delight our guests while safeguarding the interests of both Carnival Corporation and our customers. The ideal candidate will have experience with software security best practices, cloud infrastructure, and security tools like SAST and DAST scanners.

Essential Functions:

• Program, engineer, implement, and administer IT Security technical controls and tools to assess vulnerabilities, misconfigurations and incidents.

• Consult with development teams to test and assess software vulnerabilities from sources like security scanners and bug bounty programs.

• Implement and automate new governance processes and controls to ensure that application security activities are being carried out and are done so easily by software development teams.

• Develop and maintain cloud infrastructure and Kubernetes clusters using modern techniques like infrastructure as code (IaC) to host Application Security capabilities for consumption by brand teams

• Perform security reviews of applications and releases to ensure they meet relevant policies, standards, and guidelines.

Knowledge, Skills & Abilities:

• Scope: The responsibilities of this role impact the enterprise globally, both on shore and across the fleet.

• Problem solving: This role involves the assessment of complex software security issues, the operation of infrastructure that serves global production workloads, and the development of software to automate reporting and governance tasks. The role is expected to be able to work independently and within the team to solve these problems.

• Impact:  This role will directly contribute to policy and standards for software development across the enterprise, along with the development of automated software security controls and the operation of infrastructure for global security services.

• Leadership: This role is responsible for guiding development teams in the use of security best practices and collaborating with a wide range of roles across the enterprise.

Qualifications:

• Bachelor's Degree in Computer Science, Software Engineering, Mathematics, or similar; 5+ years of professional experience

• Hands-on experience writing software applications, including APIs, web applications, and scripts. Strong experience operating and administrating common security tools like SAST and DAST scanners. Strong experience communicating security findings to teams and following through on remediation efforts. Hand-on experience performing threat modeling and adversarial testing of software applications. Hands-on experience with cloud-native application development and operations, including the use of CI/CD pipelines, cloud compute resources, and containerization (e.g. Docker and Kubernetes).

Travel: No or very little travel likely

Work Conditions: Work primarily in a climate-controlled environment with minimal safety/health hazard potential..

Physical Demands: Must be able to remain in a stationary position at a desk and/or computer for extended periods of time.

This position is classified as “remote.”  As a remote role, it allows employees to work full-time from their home. It may also require regular travel to Carnival headquarters in Miami, FL for in-office collaboration.  Sourcing of candidates is primarily done in Carnival’s remote hubs of Orlando, Tampa, Atlanta, Houston, and Dallas.  If the search is extended past those areas, candidates must be located in one of the following U.S. states:  FL, GA, TX and NC 

Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.   

At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival’s discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including: 

• Health Benefits: 

  • Cost-effective medical, dental and vision plans 
  • Employee Assistance Program and other mental health resources 
  • Additional programs include company paid term life insurance and disability coverage  
• Financial Benefits: 
  • 401(k) plan that includes a company match 
  • Employee Stock Purchase plan 
• Paid Time Off 
  • Holidays – All full-time and part-time with benefits employees receive days off for 8 company-wide holidays, plus 2 additional floating holidays to be taken at the employee’s discretion.  
  • Vacation Time – All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year.  All employees gain additional vacation time with further tenure. 
  • Sick Time – All full-time employees receive 80 hours of sick time each year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.   
• Other Benefits 
  • Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends 
  • Personal and professional learning and development resources including tuition reimbursement  
  • On-site Fitness center at our Miami campus 

#Corp

#LI-RemoteRemote

#LI-SH1