Eversource Energy
Lead Application Security Architect (Hybrid)
Eversource Energy, Berlin, Connecticut, United States
Overview
Lead Application Security Architect (Hybrid) at Eversource Energy. This is a hybrid role. The first three months are full-time in the office. Responsibilities
Cultivate security culture with product technology and business colleagues. Build a vision around the next level of security maturity for application developers, with inputs from the security organization and work with Cyber Security leadership to deliver on that idea. This vision must enable business outcomes and continuously raise the security bar. Serve as an application security thought leader. Learn from multiple projects and cybersecurity teams and share best practices. Be recognized as the enterprise point of escalation and subject matter expert for Application Security and IT Risk. Advise leadership on cyber risk and help prioritize initiatives with the greatest ROI. Act with urgency in managing emerging issues. Proactively monitor Key Risk Indicators to identify, quantify, communicate, and manage issues in a timely manner, including recommendations for resolution and root-cause analysis. Enable and partner with application architects and engineering leaders to design secure, scalable, and resilient applications. Lead Application Security for multiple cybersecurity architecture and process implementations across business lines to achieve security objectives. Foster a culture of innovation, collaboration, and continuous improvement within the Application Security team. Act as the primary interface with senior leaders, stakeholders, and executives to drive consensus across competing cybersecurity objectives. Qualifications
Experience with and ability to express security concerns in the following languages: VB .Net, Python, YAML, Terraform. Demonstrates ingenuity, creativity, and resourcefulness. Extensive organizational and project management expertise; knowledge of related disciplines. May be viewed as an expert within a given field. Formal training or certification in software engineering concepts plus 5+ years of applied experience. Experience leading teams of architects that design cybersecurity solutions and operations on cloud-based platforms and applications. Hands-on experience delivering enterprise-level security solutions and controls, including: SSDLC (code review, risk assessments, threat modeling, static/dynamic analysis), modern security engineering/architecture (microservices, containers, orchestration, CI/CD, API-first), and service delivery and integration. Hands-on experience in cybersecurity architecture across multiple businesses, functions, and systems; reviewing and securing cloud-based products and solutions (public cloud, external-facing web, mobile). Experience growing and leading large, cross-functional teams of technologists. Subject matter expertise across multiple security domains (e.g., mobile, application security, vulnerability reduction, data protection, encryption, logging/monitoring, network security). Proven ability to influence across highly matrixed organizations and deliver value at scale. Experience leading complex projects and supporting system design, testing, and operational stability. Experience hiring, developing, and recognizing talent. Experience in Cross Domain Solutions and Zero-Trust Architecture; excellent communication and interpersonal skills for conveying technical concepts to non-technical audiences. Experience in regulated industries with technology standards, frameworks, compliance, and industry practices (e.g., NIST, ISO, PCI, SOC, CIP). Exposure to Agile methodologies and DEVSECOPS environments. Experience leading mid to large security initiatives and managing small teams. Experience scripting and coding. Experience
10 years related experience, including 5 years in senior cybersecurity roles, with exposure to cross-domain solutions and modern security practices. Licenses & Certifications
Cloud certifications from major providers (e.g., AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect) or equivalent (e.g., ISC2). Systems Security Certified Practitioner (SSCP). Certified Information Systems Security Professional (CISSP). Education
Bachelors Degree in Engineering, Computer Science, Data Science, Information Technology, or related field. Compensation and Benefits
Eversource offers a competitive total rewards program. Salary is commensurate with experience. This position is eligible for potential incentives. Other Details
Worker Type: Regular Number of Openings: 1 Emergency Response: You may be required to respond to emergencies outside of normal responsibilities, hours, and location. EEO Statement: Eversource Energy is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status.
#J-18808-Ljbffr
Lead Application Security Architect (Hybrid) at Eversource Energy. This is a hybrid role. The first three months are full-time in the office. Responsibilities
Cultivate security culture with product technology and business colleagues. Build a vision around the next level of security maturity for application developers, with inputs from the security organization and work with Cyber Security leadership to deliver on that idea. This vision must enable business outcomes and continuously raise the security bar. Serve as an application security thought leader. Learn from multiple projects and cybersecurity teams and share best practices. Be recognized as the enterprise point of escalation and subject matter expert for Application Security and IT Risk. Advise leadership on cyber risk and help prioritize initiatives with the greatest ROI. Act with urgency in managing emerging issues. Proactively monitor Key Risk Indicators to identify, quantify, communicate, and manage issues in a timely manner, including recommendations for resolution and root-cause analysis. Enable and partner with application architects and engineering leaders to design secure, scalable, and resilient applications. Lead Application Security for multiple cybersecurity architecture and process implementations across business lines to achieve security objectives. Foster a culture of innovation, collaboration, and continuous improvement within the Application Security team. Act as the primary interface with senior leaders, stakeholders, and executives to drive consensus across competing cybersecurity objectives. Qualifications
Experience with and ability to express security concerns in the following languages: VB .Net, Python, YAML, Terraform. Demonstrates ingenuity, creativity, and resourcefulness. Extensive organizational and project management expertise; knowledge of related disciplines. May be viewed as an expert within a given field. Formal training or certification in software engineering concepts plus 5+ years of applied experience. Experience leading teams of architects that design cybersecurity solutions and operations on cloud-based platforms and applications. Hands-on experience delivering enterprise-level security solutions and controls, including: SSDLC (code review, risk assessments, threat modeling, static/dynamic analysis), modern security engineering/architecture (microservices, containers, orchestration, CI/CD, API-first), and service delivery and integration. Hands-on experience in cybersecurity architecture across multiple businesses, functions, and systems; reviewing and securing cloud-based products and solutions (public cloud, external-facing web, mobile). Experience growing and leading large, cross-functional teams of technologists. Subject matter expertise across multiple security domains (e.g., mobile, application security, vulnerability reduction, data protection, encryption, logging/monitoring, network security). Proven ability to influence across highly matrixed organizations and deliver value at scale. Experience leading complex projects and supporting system design, testing, and operational stability. Experience hiring, developing, and recognizing talent. Experience in Cross Domain Solutions and Zero-Trust Architecture; excellent communication and interpersonal skills for conveying technical concepts to non-technical audiences. Experience in regulated industries with technology standards, frameworks, compliance, and industry practices (e.g., NIST, ISO, PCI, SOC, CIP). Exposure to Agile methodologies and DEVSECOPS environments. Experience leading mid to large security initiatives and managing small teams. Experience scripting and coding. Experience
10 years related experience, including 5 years in senior cybersecurity roles, with exposure to cross-domain solutions and modern security practices. Licenses & Certifications
Cloud certifications from major providers (e.g., AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect) or equivalent (e.g., ISC2). Systems Security Certified Practitioner (SSCP). Certified Information Systems Security Professional (CISSP). Education
Bachelors Degree in Engineering, Computer Science, Data Science, Information Technology, or related field. Compensation and Benefits
Eversource offers a competitive total rewards program. Salary is commensurate with experience. This position is eligible for potential incentives. Other Details
Worker Type: Regular Number of Openings: 1 Emergency Response: You may be required to respond to emergencies outside of normal responsibilities, hours, and location. EEO Statement: Eversource Energy is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status.
#J-18808-Ljbffr