Eversource Energy
Lead Application Security Architect (Hybrid)
Eversource Energy, Manchester, New Hampshire, us, 03103
Overview
Lead Application Security Architect (Hybrid) Role and Scope of Position: As the Lead Application Security Architect, and as part of the Cybersecurity Architecture team at Eversource, you will lead a team that works alongside other cybersecurity specialists within the Cybersecurity, Network, and Compliance organization. You’ll have the opportunity to shape Application Security and collaborate across multiple business lines and technical domains. One of your primary tasks will be a focus on security issues involving secure coding and secure design. You will lead a team and assist others in resolving security issues by offering alternative coding solutions and other means. You will also work with project teams and business management to promote a security mindset. The Lead Application Security Architect will interact closely with the technology and business colleagues associated with projects. They will deliver project level planning, design, and implementation of security solutions and controls related to Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning). You will aid the firm in remaining at the forefront of industry trends, best practices, and technological advances in application cybersecurity. Responsibilities
Lead Application Security for multiple cybersecurity architecture and process implementations across business lines to achieve security objectives. Cultivate security culture with product technology and business colleagues; build a vision around the next level of security maturity for application developers, with inputs from the security organization and security leadership. Serve as an application security thought leader and primary escalation point for AppSec and IT risk; advise leadership on prioritizing initiatives with greatest ROI. Foster a culture of innovation, collaboration, and continuous improvement by developing and maintaining security policies, testing and evaluating security tools and products. Technical Knowledge / Skills / Education / Licenses / Certifications
Technical Knowledge / Skill: 5+ years of senior level Cyber Security experience required. Experience leading mid to large security initiatives and managing small teams within Security. Background performing cybersecurity code analysis; ability to explain vulnerabilities to project teams and serve as escalation point for the AppSec team. Excellent communications and interpersonal skills; ability to convey technical aspects to non-technical audiences. Experience with DevSecOps and Agile methodology. Ability to produce high quality oral and written work for audiences from peers to Sr. Management. Experience with cloud methodology and terminology; experience with cloud-based platforms and applications; Azure preferred. Experience with static and dynamic analysis tools; familiarity with Checkmarx, Burp Suite, or Contrast preferred; penetration testing experience preferred. Experience automating security operations within CI/CD workflows preferred. Experience in coding with a major language; .NET preferred. Familiarity with laws, regulations, standards, and ethical requirements related to information security and privacy. Education:
Bachelor’s Degree in Engineering, Computer Science, Data Science, Information Technology or related field Experience:
10 years related experience that includes 5 years of senior level cyber security experience, and experience in: Cross Domain Solutions; excellent communications; experience in regulated industries with standards such as NIST, ISO, PCI, SOC, CIP; exposure to Agile and DEVSECOPS; leading mid to large security initiatives. Licenses & Certifications:
Cloud technology certification from major provider (e.g., AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect) or ISC2; security certifications such as CISSP, CCSP, Azure certifications, HTB CSTP, or OSCP preferred. Working Conditions
Must be available to work emergency restoration assignments as required. Must be available to travel between MA/CT/NH as necessary. Compensation and Benefits
Eversource offers a competitive total rewards program. Salary is commensurate with experience. This position is eligible for a potential incentive. The annual salary range for this position is $156,260.00-$173,620.00. Other Details
Worker Type: Regular Number of Openings: 1 Emergency Response: Responding to emergency situations to meet customers’ needs is part of every employee’s role. If employed, you may be assigned an Emergency Restoration assignment outside normal responsibilities, hours, or location. EEO Statement: Eversource Energy is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status. VEVRAA Federal Contractor Competencies: Build trusting relationships; Manage and develop people; Foster teamwork and cross-functional collaboration; Lead change; Communicate strategic vision; Create an engaged workforce; Focus on the customer; Take ownership & accountability. Seniority level: Mid-Senior level Job function: Information Technology Industries: Utilities and Oil and Gas Note: Referrals increase your chances of interview; sign in to set job alerts for related roles.
#J-18808-Ljbffr
Lead Application Security Architect (Hybrid) Role and Scope of Position: As the Lead Application Security Architect, and as part of the Cybersecurity Architecture team at Eversource, you will lead a team that works alongside other cybersecurity specialists within the Cybersecurity, Network, and Compliance organization. You’ll have the opportunity to shape Application Security and collaborate across multiple business lines and technical domains. One of your primary tasks will be a focus on security issues involving secure coding and secure design. You will lead a team and assist others in resolving security issues by offering alternative coding solutions and other means. You will also work with project teams and business management to promote a security mindset. The Lead Application Security Architect will interact closely with the technology and business colleagues associated with projects. They will deliver project level planning, design, and implementation of security solutions and controls related to Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning). You will aid the firm in remaining at the forefront of industry trends, best practices, and technological advances in application cybersecurity. Responsibilities
Lead Application Security for multiple cybersecurity architecture and process implementations across business lines to achieve security objectives. Cultivate security culture with product technology and business colleagues; build a vision around the next level of security maturity for application developers, with inputs from the security organization and security leadership. Serve as an application security thought leader and primary escalation point for AppSec and IT risk; advise leadership on prioritizing initiatives with greatest ROI. Foster a culture of innovation, collaboration, and continuous improvement by developing and maintaining security policies, testing and evaluating security tools and products. Technical Knowledge / Skills / Education / Licenses / Certifications
Technical Knowledge / Skill: 5+ years of senior level Cyber Security experience required. Experience leading mid to large security initiatives and managing small teams within Security. Background performing cybersecurity code analysis; ability to explain vulnerabilities to project teams and serve as escalation point for the AppSec team. Excellent communications and interpersonal skills; ability to convey technical aspects to non-technical audiences. Experience with DevSecOps and Agile methodology. Ability to produce high quality oral and written work for audiences from peers to Sr. Management. Experience with cloud methodology and terminology; experience with cloud-based platforms and applications; Azure preferred. Experience with static and dynamic analysis tools; familiarity with Checkmarx, Burp Suite, or Contrast preferred; penetration testing experience preferred. Experience automating security operations within CI/CD workflows preferred. Experience in coding with a major language; .NET preferred. Familiarity with laws, regulations, standards, and ethical requirements related to information security and privacy. Education:
Bachelor’s Degree in Engineering, Computer Science, Data Science, Information Technology or related field Experience:
10 years related experience that includes 5 years of senior level cyber security experience, and experience in: Cross Domain Solutions; excellent communications; experience in regulated industries with standards such as NIST, ISO, PCI, SOC, CIP; exposure to Agile and DEVSECOPS; leading mid to large security initiatives. Licenses & Certifications:
Cloud technology certification from major provider (e.g., AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect) or ISC2; security certifications such as CISSP, CCSP, Azure certifications, HTB CSTP, or OSCP preferred. Working Conditions
Must be available to work emergency restoration assignments as required. Must be available to travel between MA/CT/NH as necessary. Compensation and Benefits
Eversource offers a competitive total rewards program. Salary is commensurate with experience. This position is eligible for a potential incentive. The annual salary range for this position is $156,260.00-$173,620.00. Other Details
Worker Type: Regular Number of Openings: 1 Emergency Response: Responding to emergency situations to meet customers’ needs is part of every employee’s role. If employed, you may be assigned an Emergency Restoration assignment outside normal responsibilities, hours, or location. EEO Statement: Eversource Energy is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status. VEVRAA Federal Contractor Competencies: Build trusting relationships; Manage and develop people; Foster teamwork and cross-functional collaboration; Lead change; Communicate strategic vision; Create an engaged workforce; Focus on the customer; Take ownership & accountability. Seniority level: Mid-Senior level Job function: Information Technology Industries: Utilities and Oil and Gas Note: Referrals increase your chances of interview; sign in to set job alerts for related roles.
#J-18808-Ljbffr