Apply on Employer Site

Eversource Energy · 11 hours ago

Lead Application Security Architect (Hybrid)

Berlin, CT

Full-time

Hybrid

Senior Level, Lead/Staff

$156K/yr - $174K/yr

10+ years exp

Eversource Energy is a leading energy company, and they are seeking a Lead Application Security Architect to join their Cybersecurity Architecture team. The role involves leading a team to address security issues, promote a security mindset across business lines, and implement security solutions related to Secure Software Development Life Cycle (SSDLC).

DeliveryElectrical DistributionEnergyEnergy EfficiencyNatural ResourcesOil and GasRenewable EnergyStaffing Agency

No H1B

Responsibilities

Lead Application Security for multiple cybersecurity architecture and process implementations across business lines to achieve security objectives

Cultivate security culture with your product technology and business colleagues

Build a vision around the next level of security maturity for application developers, with inputs from the security organization and work with Cyber Security leadership to deliver on that idea

Serve as an application security thought leader

Be recognized in the enterprise as the clear point of escalation and subject matter expert for Application Security and associated IT Risk

Serve as an appsec cyber risk advisor to the leadership team and help prioritize initiatives with the greatest ROI

Foster a culture of innovation, collaboration, and continuous improvement by developing and maintaining security policies, and testing and evaluating security tools and products

Qualification

Cyber Security experienceApplication SecurityDevSecOpsCloud platformsStaticDynamic analysis toolsCICD workflows.NET programmingAgile methodologySecurity policiesRisk assessmentsThreat modelingPenetration testingSecurity cultureInnovationCommunication skillsInterpersonal skillsTeam leadership

Required

5+ years of senior level Cyber Security experience required

Must have experience leading mid to large security initiatives and managing small teams within Security

Must have a background performing cybersecurity code analysis. This includes identifying and resolving false positives, explaining vulnerabilities in simple terms to project teams, and serving as an escalation point for the appsec team

Must have excellent communications and interpersonal skills and should be able to convey technical aspects to personnel who may not be well-versed in those areas

Must have experience with DevSecOps and Agile methodology

Must be able to produce high quality oral and written work, presenting complex technical matters clearly and concisely with audiences ranging from peers to Sr. Management

Experience with cloud methodology and terminology. Experience working with cloud-based platforms and applications

Experience with implementing and using static and dynamic analysis tools

Bachelor's Degree in Engineering, Computer Science, Data Science, Information Technology or related experience

10 years related experience that includes 5 years of Senior level cyber security experience

Experience in Cross Domain Solutions

Experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC, CIP)

Exposure to projects using an Agile methodology and DEVSECOPS environment

Experience leading mid to large security initiatives

Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect) or prominent independent organization such as ISC2