IT Architect, Security (Hybrid) at Eversource Energy

Berlin, Connecticut, United States

Apply Now

Not SpecifiedCompensation

Senior (5 to 8 years)Experience Level

Full TimeJob Type

NoVisa

Energy, UtilitiesIndustries

Requirements

Bachelor’s degree in Information Systems or a related technical field or equivalent experience
5+ years applied experience in application security or related position
Background performing cybersecurity code analysis, including identifying and resolving false positives, explaining vulnerabilities in simple terms to project teams, and providing remediation recommendations to development teams
Experience with software composition analysis and tools to scan source and binary code for identifying dependency vulnerabilities
Experience with implementing and using static and dynamic analysis tools
Experience performing pentesting
Authorization to work in the United States (no sponsorship for work visas)
Ability to work hybrid schedule (at least three days in office, including Tuesdays and Wednesdays, up to five days if needed)

Responsibilities

Assess current design and codebase to identify areas in need of improvement and work with project teams to resolve security issues
Work seamlessly with Eversource developers to ensure successful adoption of required security approaches and capabilities
Conduct threat modeling for new and existing applications
Perform security testing such as static code analysis, pentesting, and dynamic application security testing
Apply cybersecurity background to perform code analysis when resolving false positives and provide remediation recommendations
Establish application security requirements based on company standards and industry best practices
Develop and maintain infrastructure as code security policies
Test and evaluate security tools and products
Deliver project level planning, design, and implementation of security solutions and controls related to Secure Software Development Life Cycle (SSDLC), e.g., code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning
Get deeply involved in security issues around secure coding and secure design, assist others in resolving security issues by offering alternative coding solutions
Work with project teams to incorporate security into the design architecture
Promote a security mindset, educate application developers on Eversource security practices, and cultivate a security culture across developers, project teams, and business areas
Interact with technology and business colleagues associated with projects to remain at the forefront of industry trends, best practices, and technological advances in application cybersecurity

Skills

Key technologies and capabilities for this role

SSDLCThreat ModelingStatic Code AnalysisDynamic Application ScanningCode ReviewRisk AssessmentsSecure CodingSecure DesignCybersecurity Architecture

Questions & Answers

Common questions about this position

What is the work arrangement for this role?

This is a hybrid role requiring employees to work at least three days in the office, including Tuesdays and Wednesdays, with the third day set by the employee and supervisor based on department needs. All applicants must be able to work up to five days in the office if needed for emergencies, training, or other business needs.

What are the key skills required for the Application Security Architect role?

Key skills include expertise in Secure Software Development Life Cycle (SSDLC) such as code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning; secure coding and design; conducting threat modeling and security testing like pentesting; and code analysis to resolve issues.

What does the team structure look like for this position?

You will work as part of the Cybersecurity Architecture team within the Cybersecurity, Network, and Compliance organization, alongside other cybersecurity specialists, and collaborate across multiple business lines and technical domains.

What is the company culture like regarding security?

The role involves promoting a security mindset, educating developers on Eversource security practices, and cultivating a security culture through interactions with developers, project teams, and business areas.

What makes a strong candidate for this IT Architect, Security role?

Strong candidates have deep expertise in application security, including SSDLC practices, threat modeling, security testing, and secure coding, and can work seamlessly with developers and project teams to resolve issues and promote security adoption.