Apply on Employer Site

Eversource Energy · 1 week ago

IT Application Security Architect (Hybrid)

Westwood, MA

Full-time

Hybrid

Senior Level

$134K/yr - $149K/yr

5+ years exp

Eversource Energy is a company focused on providing energy solutions, and they are seeking an Application Security Architect to join their Cybersecurity Architecture team. In this role, you will be responsible for planning, designing, and implementing security solutions related to the Secure Software Development Life Cycle, while collaborating with various teams to promote a security culture and address security issues.

DeliveryElectrical DistributionEnergyEnergy EfficiencyNatural ResourcesOil and GasRenewable EnergyStaffing Agency

No H1B

Responsibilities

Assess the current design and codebase to identify areas in need of improvement. Work with members of project teams to resolve security issues

Must work seamlessly with the Eversource developers to ensure the successful adoption of required security approaches and capabilities

Conduct threat modeling for new and existing applications. Perform security testing such as static code analysis, pentesting, and dynamic application security testing

Apply a cybersecurity background to perform code analysis when resolving false positives and provide remediation recommendations

Establish application security requirements based on company standards and industry best practices

Develop and maintain infrastructure as code security policies

Test and evaluate security tools, and products

Qualification

Application SecurityCybersecurity Code AnalysisStaticDynamic AnalysisDevSecOpsCloud MethodologyCICD WorkflowsPenetration TestingCheckmarxBurp SuiteContrastAzure CertificationCISSPCCSPOSCPCommunication SkillsTeam Collaboration

Required

Bachelor's degree in Information Systems or a related technical field or equivalent experience

5+ years applied experience in application security or related position

Must have a background performing cybersecurity code analysis. This includes identifying and resolving false positives, explaining vulnerabilities in simple terms to project teams, and providing remediation recommendations to development teams

Experience with software composition analysis and tools to scan source and binary code for the purpose of identifying dependency vulnerabilities

Experience with implementing and using static and dynamic analysis tools

Experience performing penetration testing is preferred

Experience using and/or maintaining Checkmarx, Burp Suite, or Contrast preferred

Experience with DevSecOps

Experience with automating security operations within CICD workflows preferred

Experience in writing code using a major programming language is preferred. Specifically, .NET

Experience with cloud methodology and terminology

Experience working with cloud-based platforms and applications

Exhibits an exceptional degree of ingenuity, creativity and/or resourcefulness

Produce high quality oral and written work, presenting complex technical matters clearly and concisely with audiences ranging from peers to Sr. Management

Familiarity with current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy