Engineer, Application Security
Listed on 2026-06-20
Why Work for KeHE?
- Full-time
- Pay Range: $78,210.00/Yr.
- Benefits on Day 1
- Health/Rx
- Dental
- Vision
- Flexible and health spending accounts (FSA/HSA)
- Supplemental life insurance
- 401(k)
- Paid time off
- Paid sick time
- Short term & long term disability coverage (STD/LTD)
- Employee stock ownership (ESOP)
- Holiday pay for company designated holidays
At KeHE, we’re obsessed with creating solutions, unboxing potential, and serving others – and it all starts with you. As an employee-owned distributor of natural and organic, specialty, and fresh products, we’re committed to making a positive impact and scaling our success together. With a culture that fosters development and opportunity, you’ll be embarking on a career that’s moving forward. When you join KeHE, you’re becoming part of a team that is a force for good.
Primary Responsibilities
The Application Security Engineer (AppSec) reduces application and software risk by embedding security throughout the software development lifecycle (SSDLC). This role partners closely with engineering, infrastructure, and product teams to design secure architectures, perform threat modeling, implement security testing and CI/CD controls, and drive remediation of vulnerabilities. As the organization's AI adoption expands across business and engineering teams, the incumbent will help evaluate and shape security practices for emerging AI and agentic tools, including GenAI assessments and guardrail development as these programs mature.
The role develops practical security standards, builds and operates a vulnerability operations function, improves developer enablement through reusable patterns and automation, and supports investigations related to application vulnerabilities, insecure configurations, or software supply chain risk. As with all positions at KeHE Distributors, all actions and responsibilities are expected to align with KeHE's Mission, Vision, and Values.
DUTIES, TASKS AND RESPONSIBILITIES:
- Secure SDLC Integration: Partner with software engineering teams to embed security activities (design, build, test, deploy, operate) into the SDLC, including performing threat modeling and security design reviews.
- Standards & Patterns: Define, maintain, and promote "secure-by-default" coding standards, reusable security control patterns, and templates to scale consistent security practices.
- AppSec Tooling & Automation: Implement, operate, and continuously tune application security testing tools (SAST, DAST, SCA, secrets, containers, IaC) within CI/CD pipelines to ensure high-signal, actionable feedback.
- Risk-Based Vulnerability Management: Triage, validate, and prioritize application security findings based on business impact and exposure; track remediation SLAs, verify fixes, and document risk acceptances or compensating controls.
- Modern Architecture & Platform Security: Provide security guidance on modern architectures (APIs, microservices, cloud, serverless), focusing on identity/access management (RBAC, least privilege, token handling), rate limiting, and secure configurations.
- Supply Chain & Secrets Reduction: Mitigate software supply chain risks through strict dependency governance and secure artifact management, while driving improvements in secrets management to eliminate hard-coded credentials.
- Incident Response Support: Assist Security Operations and engineering teams with investigating AppSec incidents (e.g., exposed secrets, exploits), and lead post-incident reviews to implement preventative guardrails.
- Governance, Risk, & Compliance: Provide control evidence to support compliance audits and evaluate the security posture of third-party/vendor-integrated applications.
- Developer Enablement & Culture: Foster a strong security culture by delivering security training, hosting office hours, publishing developer-friendly documentation, and demonstrating company core values.
- AI & Agentic Tool Security: Oversee security for GenAI, RAG, and agentic tools by conducting OWASP LLM/Agentic Top 10 assessments, enforcing per-tool security checklists (blast-radius and data boundaries), and owning the security sign-off for POC-to-production…