Application & Web Security Specialist

APPLICATION AND WEB SECURITY SPECIALIST

THE OPPORTUNITY

The Application and Web Security Specialist will serve as a security consultant to Web and Application Developers. You will work with developers on identifying security risks within their applications and validating remediation. This role offers the opportunity to build solid relationships throughout the enterprise, with developers and vendors, while learning about the various technologies employed within our organization. There are other opportunities to serve included with this role that relate to other Security disciplines such as Threat Security, Vulnerability Management, and Event Correlation. 

THE TEAM

The Information Security Team is responsible for the confidentiality of customer and employee information, ensuring the data stored and shared maintains integrity, all while making sure that all of this does not impact the availability of the entire Dillard’s enterprise.

This team is expected to be high-performing. To meet this expectation, the team members are communicative and collaborative, always sharing knowledge and research. Members of this team should be able to understand what is expected of them and adjust on the fly, as priorities may change depending on the company's needs. If you are someone who sets a standard of excellence for yourself and you enjoy working alongside others who set the same standard and who genuinely want each of their peers to succeed, you may be the perfect addition to this team. 

WHAT YOU WILL DO

• Inspect and assess current solutions for Web and Application Security risks
• Architect and implement security controls within the Software Development Lifecycle (SDLC)
• Hold recurring cadences with development and security leadership to discuss findings and future paths for the company regarding application security posture
• Participate in vulnerability verification and assist development teams in remediation based on reports from scanners, along with manual application security testing
• Conduct application security testing  on code and web environments after every significant modification
• Ensure security controls comply with applicable laws, regulations, and policies to minimize risk and audit findings
• Train others in IT on application security concepts and educate developers on risk-based coding, including the OWASP best practices
• Participate in on-call rotation across the Information Security Team
• Ensure applications maintain a  Software Bill of Materials (SBOM) for each application
• Secure and monitor web applications using the web application firewall
• Secure and monitor all in-house APIs for exploitation
• Implement security solution(s) for securing AI systems across the environment
• Collaborate with AI/ML teams to ensure AI security
• Secure and monitor all in-house AI applications for risk and exploitation

THE SKILLSET

• Knowledge of web architectures (Apache, WebSphere, CDN, OCP/Docker, Next.JS, React) and ability to read, review, and analyze OOP languages when used in production-ready web applications
• Understanding of security threats and solutions for applications
• Experience analyzing risk following regulations, including PCI, HIPAA, Sarbanes-Oxley, and state privacy laws
• Experience creating processes, procedures, and solutions that reduce technical risk and increase operational efficiency
• Experience using DAST and SAST tools
• Experience navigating and monitoring web application traffic through the web application firewall
• Experience using AI tools for creating and implementing agentic solutions
• Experience with LLMs, generative AI systems, or LLM-based applications
• Experience implementing guardrail solutions
• Hands-on experience with assessing risk and security testing AI systems for OWASP Top 10 for LLMs
• Ability to work independently and with teams while meeting multiple deadlines
• Strong interpersonal and communication skills with proven decision-making skills
• Desire to troubleshoot and lead investigations
• History of and commitment to ethical behavior and full ethical disclosure

Location & Hours:  This is a full-time, on-site position located at our Little Rock, Arkansas headquarters. A high level of attendance is required as an essential function of this position.

No immigration sponsorship (ex. H-1B, TN, STEM OPT) is available for this position