Senior Security Engineer at Best Buy
Minneapolis, MN 55423, USA -
Full Time


Start Date

Immediate

Expiry Date

30 Nov, 25

Salary

96237.0

Posted On

01 Sep, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

JavaScript, CISSP, Application Security Assessments, Java, Web Applications, HTML, Platforms, OSCP, GPEN, Mobile Applications, CISA, Network Architecture, Python

Industry

Information Technology/IT

Description

Best Buy places the highest importance on the confidentiality, availability and integrity of customer, company and employee information. As a member of Best Buy’s Enterprise Risk and Compliance (ERC) team, you will play a critical role to ensure that customer, company and employee information is secure while enabling technology and business partners throughout Best Buy to innovate and provide superior customer care in our stores, online and through our various contact channels.
This role is hybrid, which means you will work some days at our corporate office in Richfield, Minnesota, and some days virtually from home or another non-Best Buy location. You must be located within a commutable distance of our Richfield, Minnesota headquarters. The specific work arrangements may vary by role and team. The recruiter or hiring manager will provide more details during the hiring process.

BASIC QUALIFICATIONS

  • 4 or more years of experience performing application security assessments and/or penetration tests in a corporate environment.
  • Experience with intercepting proxies, dynamic analysis tools (DAST), and static analysis tools (SAST).
  • Understanding of application security vulnerabilities, testing techniques, and the OWASP framework.
  • Familiarity with popular web application languages and platforms such as JavaScript, HTML, Python, .NET, Java or similar.
  • Knowledge of secure development of web applications (SDLC), mobile applications or thick client applications.
  • General curiosity to learn, ask questions and help others.

PREFERRED QUALIFICATIONS

  • Industry relevant certifications (CISSP, OSCP, CISA, GPEN) and/or training.
  • Understanding of enterprise network architecture and protocols.
  • Previous or current software development experience.
  • Experience in Red & Purple Team engagements.

ABOUT US

As part of the Best Buy team, you’ll help us fulfill our purpose to enrich lives through technology. We bring that to life every day by humanizing and personalizing tech solutions for every stage of life — in our stores, online, and in customers’ homes.
Our culture is built on deeply supporting and valuing our amazing employees who make it all possible. We’re committed to being a great place to work, where you can unlock unique career possibilities. Above all, we aim to provide a place where you can bring your full, authentic self to work now and into the future. Tomorrow works here.™
Best Buy is an equal opportunity employer.
Position Type: Full time

Responsibilities
  • Perform application security and penetration testing on Best Buy Applications and Systems.
  • Assess and report security weaknesses and their risk according to Best Buy’s application penetration testing methodology.
  • Document identified security weaknesses in Best Buy systems and provide detailed reports to appropriate development and business teams.
  • Develop and share a point of view on risk-based, cost-effective remediation options for identified security weaknesses.
  • Work directly with Best Buy development teams to provide remediation guidance for identified security weaknesses and perform fix validations when requested.
  • Configure and operate security assessment tools such as BURP Pro and HCL AppScan.
  • Perform personal research to stay current on security trends, new vulnerabilities, and technology.
  • Provide technical mentorship to other team members, analysts and peers.
  • Brief ERC Application Security leadership on assessment results, activities performed, and evaluation of potential risks.
  • Identify testing methodology or process improvements and make recommendations to ERC Application Security leadership.