Now Brewing - Senior Application Security Engineer! #tobeapartner
From the beginning, Starbucks set out to be a different kind of company. One that not only celebrated coffee and the rich tradition, but that also brought a feeling of connection.
As a Cybersecurity Engineer Sr on our Application Security Engineering team within Global Cybersecurity Services (GCS), you will help protect the experiences millions of customers and partners rely on every day, including mobile ordering, loyalty, and partner-facing platforms. You will provide hands-on security engineering and consultative guidance to product and engineering teams, helping ensure applications and APIs are designed, built, and operated in alignment with Starbucks security standards and resilient-by-design practices. In this role, you will serve as the primary owner for key application security testing services, including in-house penetration testing, DAST scanning, and vendor-delivered penetration testing, including compliance-driven testing (with AppSec oversight).
As a Cybersecurity Engineer Sr, you will...
Own and deliver core AppSec offensive security testing services by executing in-house penetration testing, operating and continuously improving DAST scanning, and providing AppSec oversight for vendor-delivered penetration testing, including compliance-driven testing, to ensure quality, consistency, and risk-based reporting and prioritization.
Drive application security outcomes by translating findings into clear, actionable remediation guidance across web, mobile, and API services, and partnering with engineering teams to reduce repeat issues and measurably improve risk posture over time.
Partner and influence across the enterprise by mentoring peers, advising engineering leaders, and contributing as an application security SME during security incidents and for vulnerability disclosure reports, ensuring threats are contained and lessons learned translate into stronger controls.
We'd love to hear from people with:
Bachelor's degree in a relevant field or 5+ years of equivalent experience in cybersecurity engineering-related roles.
6+ years of experience working in an information technology discipline.
6+ years of infrastructure / information security experience.
4+ years of experience working with infrastructure as code technologies.
Experience deploying, configuring, and troubleshooting cybersecurity tools in enterprise environments.
Certifications such as CISSP, CISSM or others focused on cybersecurity, data privacy or information risk management.
Advanced knowledge of cybersecurity principles and practices
Experience with technologies such as firewalls, antivirus software, and intrusion detection systems
Experience with security frameworks and compliance requirements
Proficiency in implementing and managing security controls and technologies
Knowledge of network security protocols and concepts
Familiarity with operating systems and network architectures
In-depth understanding of enterprise-level cybersecurity strategies, frameworks, and technologies
Proficiency in conducting security assessments and audits
Ability to develop and implement security policies and procedures
Experience in managing and responding to security incidents
Exceptional problem-solving and troubleshooting skills.
Excellent communication and collaboration skills, with the ability to work effectively with cross-functional teams and stakeholders.
Advanced experience with at least one modern programming language such as Java, Go, Python, Ruby, C++, or C#.
Advanced proficiency interacting with APIs and automating tasks using common scripting languages.
Preferred qualifications (nice to have):
Experience performing offensive application security testing across web, mobile, and APIs, including manual testing techniques and secure design review.
Experience building, operating, or scaling DAST scanning capabilities in an enterprise environment.
Experience providing AppSec oversight for vendor penetration testing, including scoping, quality review of evidence and reporting, and retest validation.
Familiarity with vulnerability disclosure workflows, including triage, validation, and partner communications.
Familiarity working in PCI or other compliance-driven environments where pentesting and evidence requirements are time-bound and auditable.
Certifications such as OSCP, OSWE, GWAPT, GPEN (or equivalent) are a plus.
As a Starbucks partner, you (and your family) will have access to medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits. Partners have access to short-term and long-term disability, paid parental leave, family expansion reimbursement, paid vacation from date of hire*, sick time (accrued at 1 hour for every 25 hours worked), eight paid holidays, and two personal days per year. Starbucks also offers eligible partners participation in a 401(k) retirement plan with employer match, a discounted company stock program (S.I.P.), Starbucks equity program (Bean Stock), incentivized emergency savings, and financial well-being tools. Additionally, Starbucks offers 100% upfront tuition coverage for a first-time bachelor's degree through Arizona State University's online program via the Starbucks College Achievement Plan, student loan management resources, and access to other educational opportunities. You will also have access to backup care and DACA reimbursement. Starbucks will comply with any applicable state and local laws regarding employee leave benefits, including, but not limited to providing time off pursuant to the Colorado Healthy Families and Workplaces Act, and in accordance with its plans and policies. This list is subject to change depending on collective bargaining in locations where partners have a certified bargaining representative. For additional information regarding partner perks and more detailed information about benefits, go to starbucksbenefits.com.
*If you are working in CA, CO, IL, LA, ME, MA, NE, ND or RI, you will accrue vacation up to a maximum of 120 hours (190 in CA) for roles below director and 200 hours (316 in CA) for roles at director or above. For roles in other states, you will be granted vacation time starting at 120 hours annually for roles below director and 200 hours annually for roles at director and above.
The actual base pay offered to the successful candidate will be based on multiple factors, including but not limited to job-related knowledge/skills, experience, geographical location, and internal equity. At Starbucks, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate.
We believe we do our best work when we're together, which is why we're onsite four days a week.
Join us and inspire with every cup. Apply today!
Starbucks Coffee Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or protected veteran status, or any other characteristic protected by law.
Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.
Starbucks Coffee Company is committed to offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability, please contact us at applicantaccommodation@starbucks.com or 1(888) 611-2258.