Posted in

Lead Application Security Architect

Lead Application Security Architect

CompanyEversource Energy
LocationNew Britain, CT, USA, Norwood, MA, USA
Salary$156260 – $173620
TypeFull-Time
DegreesBachelor’s
Experience LevelSenior, Expert or higher

Requirements

  • Has experience with and is fluent in expressing security concerns within the following languages: VB .Net, Python, YAML, Terraform
  • Formal training or certification on software engineering concepts and 5+ years applied experience.
  • Experience running teams of architects that design cybersecurity solutions operations on cloud-based platforms and applications.
  • Hands-on practical experience delivering enterprise level planning, design, and implementation of enterprise-level security solutions and controls related to: Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning), Modern Security Engineering/Architecture practices (e.g. micro services, containers, orchestration, continuous integration & delivery pipelines, API first, service delivery & integration, OWASP Top 10), Solution Development & Delivery
  • Hands-on practical experience in cybersecurity architecture that can be applied and repeated across businesses, functions, and systems. Experience reviewing and securing cybersecurity products and solutions for public cloud-based applications and infrastructure, external-facing web-based solutions, and mobile.
  • Experience growing and leading large, cross-functional teams of technologists.
  • Subject matter expertise in multiple security domains (e.g., mobile, application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security, etc.)
  • Demonstrated prior experience influencing across highly matrixed, complex organizations and delivering value at scale.
  • Experience leading complex projects and supporting system design, testing, and operational stability.
  • Experience hiring, developing, and recognizing talent.
  • 10 years related experience that includes 5 years of Senior level cyber security experience.
  • Experience in Cross Domain Solutions
  • Familiarity with Zero-Trust Architecture
  • Must have excellent communications and interpersonal skills and should be able to convey technical aspects to personnel who may not be well-versed in those areas.
  • Experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC, CIP).
  • Exposure to projects using an Agile methodology and DEVSECOPS environment.
  • Experience leading mid to large security initiatives and managing small teams.
  • Should have experience scripting and coding.

Responsibilities

  • Cultivate security culture with your product technology and business colleagues. Build a vision around the next level of security maturity for application developers, with inputs from the security organization and work with Cyber Security leadership to deliver on that idea.
  • Serve as an application security thought leader. Learn from your many projects and cybersecurity teams and share best practices in both directions.
  • Act with urgency managing emerging issues. Proactively monitor Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution, and identifying the root cause/key themes.
  • Enable and partner with application architects and engineering leaders to design secure, scalable, and resilient applications.
  • Leads Application Security for multiple cybersecurity architecture and process implementations across business lines to achieve security objectives.
  • Fosters a culture of innovation, collaboration, and continuous improvement within the Application Security team.
  • Acts as the primary interface with senior leaders, stakeholders, and executives to drive consensus across competing cyber security objectives.

Preferred Qualifications

  • Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect) or prominent independent organization such as ISC2.
  • Systems Security Certified Practitioner (SSCP) certification
  • Certified Information Systems Security Professional (CISSP)
  • Bachelor’s Degree in Engineering, Computer Science, Data Science, Information Technology or related experience